Overview

overview

8

Static

static

3

test.exe

windows7-x64

test.exe

windows10-2004-x64

Analysis

  • max time kernel
    146s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2024, 18:13

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    test.exe

  • Size

    5.3MB

  • MD5

    b59631e064541c8651576128708e50f9

  • SHA1

    7aae996d4990f37a48288fa5f15a7889c3ff49b3

  • SHA256

    4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002

  • SHA512

    571a06f0ec88fe3697388195dd0a7f7e8d63945748855d928fb5005b51fd2c2baea1a63bd871ed0cfade5eabb879f577b7b04f9cd4d1222de52da641feee1f92

  • SSDEEP

    98304:69w8PMOW9ZI6aO7sd/mzt5mAiN1vw+/YR8ov/bkMJmJZNOnTdjyip:ndIV0G/mzsN1vl/YRV4MY9OnTdjy

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Creates new service(s) 1 TTPs
    persistence
  • Drops file in Drivers directory 1 IoCs
  • Stops running service(s) 3 TTPs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Launches sc.exe 9 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 47 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:612
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        2⤵
          PID:316
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:660
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
        1⤵
          PID:944
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
          1⤵
            PID:388
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs -p -s DsmSvc
            1⤵
            • Modifies data under HKEY_USERS
            • Suspicious use of UnmapMainImage
            PID:404
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
            1⤵
              PID:828
            • C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
              1⤵
                PID:1092
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                1⤵
                  PID:1104
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                  1⤵
                    PID:1116
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                    1⤵
                      PID:1136
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                      1⤵
                        PID:1260
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                        1⤵
                          PID:1316
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                          1⤵
                            PID:1348
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                            1⤵
                              PID:1376
                            • C:\Windows\sysmon.exe
                              C:\Windows\sysmon.exe
                              1⤵
                                PID:2836
                              • C:\Users\Admin\AppData\Local\Temp\test.exe
                                "C:\Users\Admin\AppData\Local\Temp\test.exe"
                                1⤵
                                • Checks computer location settings
                                • Suspicious use of WriteProcessMemory
                                PID:432
                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGwAZQBzACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGoAcQBoACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGYAZwBmACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHkAaABlACMAPgA="
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:3848
                                • C:\Users\Admin\AppData\Roaming\Miner.exe
                                  "C:\Users\Admin\AppData\Roaming\Miner.exe"
                                  2⤵
                                  • Drops file in Drivers directory
                                  • Executes dropped EXE
                                  • Drops file in System32 directory
                                  • Suspicious use of SetThreadContext
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of WriteProcessMemory
                                  PID:2008
                                  • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4472
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                    3⤵
                                    • Suspicious use of WriteProcessMemory
                                    PID:2984
                                    • C:\Windows\system32\wusa.exe
                                      wusa /uninstall /kb:890830 /quiet /norestart
                                      4⤵
                                        PID:3772
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe stop UsoSvc
                                      3⤵
                                      • Launches sc.exe
                                      PID:4780
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                      3⤵
                                      • Launches sc.exe
                                      PID:1840
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe stop wuauserv
                                      3⤵
                                      • Launches sc.exe
                                      PID:4140
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe stop bits
                                      3⤵
                                      • Launches sc.exe
                                      PID:2784
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe stop dosvc
                                      3⤵
                                      • Launches sc.exe
                                      PID:4400
                                    • C:\Windows\system32\dialer.exe
                                      C:\Windows\system32\dialer.exe
                                      3⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of AdjustPrivilegeToken
                                      • Suspicious use of WriteProcessMemory
                                      PID:2436
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe delete "RYVSUJUA"
                                      3⤵
                                      • Launches sc.exe
                                      PID:1676
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe create "RYVSUJUA" binpath= "C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe" start= "auto"
                                      3⤵
                                      • Launches sc.exe
                                      PID:1084
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe stop eventlog
                                      3⤵
                                      • Launches sc.exe
                                      PID:1296
                                    • C:\Windows\system32\sc.exe
                                      C:\Windows\system32\sc.exe start "RYVSUJUA"
                                      3⤵
                                      • Launches sc.exe
                                      PID:4900
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Roaming\Miner.exe"
                                      3⤵
                                      • Suspicious use of WriteProcessMemory
                                      PID:5040
                                      • C:\Windows\system32\choice.exe
                                        choice /C Y /N /D Y /T 3
                                        4⤵
                                          PID:1152
                                    • C:\Users\Admin\AppData\Roaming\Shortcutter.exe
                                      "C:\Users\Admin\AppData\Roaming\Shortcutter.exe"
                                      2⤵
                                      • Executes dropped EXE
                                      PID:2504
                                  • C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                                    C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                                    1⤵
                                    • Executes dropped EXE
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1148
                                    • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                      C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                      2⤵
                                      • Drops file in System32 directory
                                      • Modifies data under HKEY_USERS
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:3624
                                  • C:\Windows\system32\sihost.exe
                                    sihost.exe
                                    1⤵
                                      PID:2184
                                    • C:\Windows\system32\sihost.exe
                                      sihost.exe
                                      1⤵
                                        PID:3180
                                      • C:\Windows\system32\sihost.exe
                                        sihost.exe
                                        1⤵
                                          PID:3428
                                        • C:\Windows\system32\sihost.exe
                                          sihost.exe
                                          1⤵
                                            PID:4176
                                          • C:\Windows\system32\sihost.exe
                                            sihost.exe
                                            1⤵
                                              PID:3804
                                            • C:\Windows\system32\sihost.exe
                                              sihost.exe
                                              1⤵
                                                PID:4432

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                                                Filesize

                                                1.6MB

                                                MD5

                                                e4d5c12ce94a05b38f3805e49e5925ce

                                                SHA1

                                                872eac70b9d04d9d06a7993f05bdbe8df56bcf4a

                                                SHA256

                                                12881effc80435b2e881c2516ce83be512c9a653b6c3d35ee6e911fbe3b4cac8

                                                SHA512

                                                5234b57000af15fc2abaca518d6c9aeab36a820e28e1898afca6ffb3a2a8bf3504440475482ff188a1157ccf4dc582fbed80214f48ee7ce7b4145f201758a8be

                                                Download Submit

                                              • C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                                                Filesize

                                                1.8MB

                                                MD5

                                                e89371f755b748bdd303134b0eaf8ea9

                                                SHA1

                                                ede64fa99dea78ca56d6b7995892d6c1f0116f2a

                                                SHA256

                                                ca5f6dff3e541dbebc198ceb1db70ea9241e0733b305cb8f6825f65e4582b9c4

                                                SHA512

                                                5261230f56d7e9d56506dbc7f8f6f96a9317d8583eb052bb94ac3d05765b27a6c3efeae3958f4da25ecea83183593321fc0b38e23ec85d52f08574b468bf7d2a

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                Filesize

                                                18KB

                                                MD5

                                                e34b694aab6b5834308af1fd32c1ee38

                                                SHA1

                                                23898b369d2e052032d445807c3fcae93da69580

                                                SHA256

                                                b94416f991c791a965a342a94337dfd5b674cb52ee8e910f5460cbec385ce646

                                                SHA512

                                                8b4bde4651d8b1c3e80a2696b19b6a414100d25e5bd931b1afe8a031476feae56d311e7041a686ea0a12d39c08e8c305a0df9557fa93d7b9175f2d2287efff6c

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_auygfdje.c1t.ps1
                                                Filesize

                                                60B

                                                MD5

                                                d17fe0a3f47be24a6453e9ef58c94641

                                                SHA1

                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                SHA256

                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                SHA512

                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                Download Submit

                                              • C:\Users\Admin\AppData\Roaming\Miner.exe
                                                Filesize

                                                5.3MB

                                                MD5

                                                99201be105bf0a4b25d9c5113da723fb

                                                SHA1

                                                443e6e285063f67cb46676b3951733592d569a7c

                                                SHA256

                                                e4eda2de1dab7a3891b0ed6eff0ccd905ff4b275150004c6eb5f1d6582eea9a2

                                                SHA512

                                                b57ae7282f2798cbf231f8ca6081b5fab10068566a49f0ad735e8408ccd73d77efb5c26a48b7591e20711f0adbd9e619b40078b9c51d31b7a9768104529e7808

                                                Download Submit

                                              • C:\Users\Admin\AppData\Roaming\Shortcutter.exe
                                                Filesize

                                                50KB

                                                MD5

                                                4ce8fc5016e97f84dadaf983cca845f2

                                                SHA1

                                                0d6fb5a16442cf393d5658a9f40d2501d8fd725c

                                                SHA256

                                                f4da7f22e8eb28cfd8ecb0c3fdc8923b2ba5c5e96b917cbcf53b6bbed1c22551

                                                SHA512

                                                4adeb4774ca136a085bc92cf6f02aa340f927ae12e1db90e8a2be69ef045611d333904ef5714c876ab03f8bcc52ee0140e724bd1659b9cf9eacf0a7d6a7bdd46

                                                Download Submit

                                              • C:\Windows\System32\catroot2\dberr.txt
                                                Filesize

                                                19KB

                                                MD5

                                                a760523cbcd276d35ec22f8aeacde99d

                                                SHA1

                                                65bc912a05af7e0ca980d0f62710df3cb1fc79cb

                                                SHA256

                                                36d6f09157361b5f9cb01c4e19f38c45de7c898f43a6b8c03426f81dc3b57b5d

                                                SHA512

                                                16b30c9efbbae1ba932d2063707dedc91bbac4246debc63a830ce3fc2a88a8142a590b3da90f8d33d7f5092ef6c024c1a7d009a03450ebf9ab212f023e409537

                                                Download Submit

                                              • memory/316-113-0x000001DA15F40000-0x000001DA15F6B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/316-130-0x00007FFA152AF000-0x00007FFA152B0000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/316-126-0x000001DA15F40000-0x000001DA15F6B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/388-143-0x00000278989D0000-0x00000278989FB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/388-121-0x00000278989D0000-0x00000278989FB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/388-124-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/404-122-0x0000021F41180000-0x0000021F411AB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/404-131-0x0000021F41180000-0x0000021F411AB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/404-125-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/612-103-0x000001DD1A3B0000-0x000001DD1A3DB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/612-101-0x000001DD1A380000-0x000001DD1A3A4000-memory.dmp

                                                Filesize

                                                144KB

                                                Download

                                              • memory/612-110-0x00007FFA152AD000-0x00007FFA152AE000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/612-107-0x000001DD1A3B0000-0x000001DD1A3DB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/612-176-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/612-177-0x000001DD1A3B0000-0x000001DD1A3DB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/660-115-0x0000015D27C30000-0x0000015D27C5B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/660-118-0x00007FFA152AD000-0x00007FFA152AE000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/660-120-0x00007FFA152AF000-0x00007FFA152B0000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/660-108-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/660-105-0x0000015D27C30000-0x0000015D27C5B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/828-138-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/828-135-0x0000024652130000-0x000002465215B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/828-139-0x0000024652130000-0x000002465215B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/828-196-0x0000024652130000-0x000002465215B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/944-128-0x00007FFA152AC000-0x00007FFA152AD000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/944-123-0x00000254E5710000-0x00000254E573B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/944-112-0x00000254E5710000-0x00000254E573B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/944-116-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/1092-144-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/1092-197-0x0000016E353A0000-0x0000016E353CB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1092-140-0x0000016E353A0000-0x0000016E353CB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1104-205-0x000002E6AEA60000-0x000002E6AEA8B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1104-156-0x000002E6AEA60000-0x000002E6AEA8B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1104-160-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/1116-164-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/1116-161-0x000002AD46260000-0x000002AD4628B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1116-206-0x000002AD46260000-0x000002AD4628B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1136-168-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/1136-166-0x000001DD6CFA0000-0x000001DD6CFCB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1260-170-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/1260-167-0x0000020CD6590000-0x0000020CD65BB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1316-171-0x000001E961B90000-0x000001E961BBB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1316-174-0x00007FF9D5290000-0x00007FF9D52A0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/1348-198-0x00000143D6160000-0x00000143D618B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/1376-199-0x000001C9AE1C0000-0x000001C9AE1EB000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/2436-88-0x0000000140000000-0x000000014002B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/2436-93-0x00007FFA15210000-0x00007FFA15405000-memory.dmp

                                                Filesize

                                                2.0MB

                                                Download

                                              • memory/2436-87-0x0000000140000000-0x000000014002B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/2436-89-0x0000000140000000-0x000000014002B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/2436-90-0x0000000140000000-0x000000014002B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/2436-98-0x0000000140000000-0x000000014002B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/2436-92-0x0000000140000000-0x000000014002B000-memory.dmp

                                                Filesize

                                                172KB

                                                Download

                                              • memory/2436-94-0x00007FFA14250000-0x00007FFA1430E000-memory.dmp

                                                Filesize

                                                760KB

                                                Download

                                              • memory/2504-191-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

                                                Filesize

                                                10.8MB

                                                Download

                                              • memory/2504-21-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

                                                Filesize

                                                10.8MB

                                                Download

                                              • memory/2504-22-0x000002913F8E0000-0x000002913F8F0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/2504-104-0x000002913F8E0000-0x000002913F8F0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/2504-82-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

                                                Filesize

                                                10.8MB

                                                Download

                                              • memory/2504-19-0x00000291253A0000-0x00000291253B2000-memory.dmp

                                                Filesize

                                                72KB

                                                Download

                                              • memory/3624-194-0x00000227AB1E0000-0x00000227AB1F0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/3624-188-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

                                                Filesize

                                                10.8MB

                                                Download

                                              • memory/3624-200-0x00000227AB1E0000-0x00000227AB1F0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/3624-136-0x00000227AB1E0000-0x00000227AB1F0000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/3624-216-0x00000227C3C60000-0x00000227C3C7C000-memory.dmp

                                                Filesize

                                                112KB

                                                Download

                                              • memory/3624-133-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

                                                Filesize

                                                10.8MB

                                                Download

                                              • memory/3848-60-0x00000000072A0000-0x00000000072B1000-memory.dmp

                                                Filesize

                                                68KB

                                                Download

                                              • memory/3848-53-0x0000000006330000-0x000000000634E000-memory.dmp

                                                Filesize

                                                120KB

                                                Download

                                              • memory/3848-20-0x0000000002790000-0x00000000027C6000-memory.dmp

                                                Filesize

                                                216KB

                                                Download

                                              • memory/3848-23-0x0000000002800000-0x0000000002810000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/3848-24-0x0000000004E60000-0x0000000005488000-memory.dmp

                                                Filesize

                                                6.2MB

                                                Download

                                              • memory/3848-26-0x0000000005500000-0x0000000005522000-memory.dmp

                                                Filesize

                                                136KB

                                                Download

                                              • memory/3848-33-0x0000000005780000-0x00000000057E6000-memory.dmp

                                                Filesize

                                                408KB

                                                Download

                                              • memory/3848-27-0x00000000056A0000-0x0000000005706000-memory.dmp

                                                Filesize

                                                408KB

                                                Download

                                              • memory/3848-38-0x00000000058F0000-0x0000000005C44000-memory.dmp

                                                Filesize

                                                3.3MB

                                                Download

                                              • memory/3848-39-0x0000000005D40000-0x0000000005D5E000-memory.dmp

                                                Filesize

                                                120KB

                                                Download

                                              • memory/3848-40-0x0000000005D80000-0x0000000005DCC000-memory.dmp

                                                Filesize

                                                304KB

                                                Download

                                              • memory/3848-42-0x0000000006F50000-0x0000000006F82000-memory.dmp

                                                Filesize

                                                200KB

                                                Download

                                              • memory/3848-41-0x000000007F550000-0x000000007F560000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/3848-43-0x0000000074B60000-0x0000000074BAC000-memory.dmp

                                                Filesize

                                                304KB

                                                Download

                                              • memory/3848-54-0x0000000002800000-0x0000000002810000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/3848-25-0x0000000073570000-0x0000000073D20000-memory.dmp

                                                Filesize

                                                7.7MB

                                                Download

                                              • memory/3848-55-0x0000000006F90000-0x0000000007033000-memory.dmp

                                                Filesize

                                                652KB

                                                Download

                                              • memory/3848-57-0x00000000070A0000-0x00000000070BA000-memory.dmp

                                                Filesize

                                                104KB

                                                Download

                                              • memory/3848-56-0x00000000076E0000-0x0000000007D5A000-memory.dmp

                                                Filesize

                                                6.5MB

                                                Download

                                              • memory/3848-58-0x0000000007110000-0x000000000711A000-memory.dmp

                                                Filesize

                                                40KB

                                                Download

                                              • memory/3848-59-0x0000000007330000-0x00000000073C6000-memory.dmp

                                                Filesize

                                                600KB

                                                Download

                                              • memory/3848-62-0x00000000072F0000-0x0000000007304000-memory.dmp

                                                Filesize

                                                80KB

                                                Download

                                              • memory/3848-63-0x00000000073D0000-0x00000000073EA000-memory.dmp

                                                Filesize

                                                104KB

                                                Download

                                              • memory/3848-64-0x0000000007320000-0x0000000007328000-memory.dmp

                                                Filesize

                                                32KB

                                                Download

                                              • memory/3848-67-0x0000000073570000-0x0000000073D20000-memory.dmp

                                                Filesize

                                                7.7MB

                                                Download

                                              • memory/3848-61-0x00000000072E0000-0x00000000072EE000-memory.dmp

                                                Filesize

                                                56KB

                                                Download

                                              • memory/4472-74-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

                                                Filesize

                                                10.8MB

                                                Download

                                              • memory/4472-68-0x000001E0567A0000-0x000001E0567C2000-memory.dmp

                                                Filesize

                                                136KB

                                                Download

                                              • memory/4472-79-0x000001E03E140000-0x000001E03E150000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/4472-81-0x000001E03E140000-0x000001E03E150000-memory.dmp

                                                Filesize

                                                64KB

                                                Download

                                              • memory/4472-85-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

                                                Filesize

                                                10.8MB

                                                Download