Overview

overview

10

Static

static

3

4e5fcc7882...02.exe

windows7-x64

10

4e5fcc7882...02.exe

windows10-2004-x64

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-03-2024 03:31

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe

  • Size

    5.3MB

  • MD5

    b59631e064541c8651576128708e50f9

  • SHA1

    7aae996d4990f37a48288fa5f15a7889c3ff49b3

  • SHA256

    4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002

  • SHA512

    571a06f0ec88fe3697388195dd0a7f7e8d63945748855d928fb5005b51fd2c2baea1a63bd871ed0cfade5eabb879f577b7b04f9cd4d1222de52da641feee1f92

  • SSDEEP

    98304:69w8PMOW9ZI6aO7sd/mzt5mAiN1vw+/YR8ov/bkMJmJZNOnTdjyip:ndIV0G/mzsN1vl/YRV4MY9OnTdjy

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Creates new service(s) 1 TTPs
    persistence
  • Downloads MZ/PE file
  • Drops file in Drivers directory 1 IoCs
  • Stops running service(s) 3 TTPs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Launches sc.exe 9 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 46 IoCs
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:688
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
    1⤵
      PID:968
    • C:\Windows\system32\dwm.exe
      "dwm.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:388
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
      1⤵
        PID:528
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
        1⤵
          PID:392
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
          1⤵
            PID:1032
          • C:\Windows\sysmon.exe
            C:\Windows\sysmon.exe
            1⤵
              PID:2776
            • C:\Users\Admin\AppData\Local\Temp\4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe
              "C:\Users\Admin\AppData\Local\Temp\4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe"
              1⤵
              • Checks computer location settings
              • Suspicious use of WriteProcessMemory
              PID:1456
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGwAZQBzACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGoAcQBoACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGYAZwBmACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHkAaABlACMAPgA="
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:700
              • C:\Users\Admin\AppData\Roaming\Miner.exe
                "C:\Users\Admin\AppData\Roaming\Miner.exe"
                2⤵
                • Drops file in Drivers directory
                • Executes dropped EXE
                • Drops file in System32 directory
                • Suspicious use of SetThreadContext
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:2420
                • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                  3⤵
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:5004
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                  3⤵
                  • Suspicious use of WriteProcessMemory
                  PID:1144
                  • C:\Windows\system32\wusa.exe
                    wusa /uninstall /kb:890830 /quiet /norestart
                    4⤵
                      PID:1392
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe stop UsoSvc
                    3⤵
                    • Launches sc.exe
                    PID:1236
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe stop WaaSMedicSvc
                    3⤵
                    • Launches sc.exe
                    PID:332
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe stop wuauserv
                    3⤵
                    • Launches sc.exe
                    PID:5072
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe stop bits
                    3⤵
                    • Launches sc.exe
                    PID:4596
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe stop dosvc
                    3⤵
                    • Launches sc.exe
                    PID:1088
                  • C:\Windows\system32\dialer.exe
                    C:\Windows\system32\dialer.exe
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2892
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe delete "RYVSUJUA"
                    3⤵
                    • Launches sc.exe
                    PID:3876
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe create "RYVSUJUA" binpath= "C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe" start= "auto"
                    3⤵
                    • Launches sc.exe
                    PID:3732
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe stop eventlog
                    3⤵
                    • Launches sc.exe
                    PID:4992
                  • C:\Windows\system32\sc.exe
                    C:\Windows\system32\sc.exe start "RYVSUJUA"
                    3⤵
                    • Launches sc.exe
                    PID:1652
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Roaming\Miner.exe"
                    3⤵
                    • Suspicious use of WriteProcessMemory
                    PID:4740
                    • C:\Windows\system32\choice.exe
                      choice /C Y /N /D Y /T 3
                      4⤵
                        PID:4372
                  • C:\Users\Admin\AppData\Roaming\Shortcutter.exe
                    "C:\Users\Admin\AppData\Roaming\Shortcutter.exe"
                    2⤵
                    • Executes dropped EXE
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4000
                • C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                  C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                  1⤵
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2492
                  • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                    2⤵
                    • Drops file in System32 directory
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3536
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
                  1⤵
                    PID:2908
                  • C:\Windows\system32\sihost.exe
                    sihost.exe
                    1⤵
                      PID:708
                    • C:\Windows\system32\sihost.exe
                      sihost.exe
                      1⤵
                        PID:3636
                      • C:\Windows\system32\sihost.exe
                        sihost.exe
                        1⤵
                          PID:4592
                        • C:\Windows\system32\sihost.exe
                          sihost.exe
                          1⤵
                            PID:1300
                          • C:\Windows\system32\sihost.exe
                            sihost.exe
                            1⤵
                              PID:4276
                            • C:\Windows\system32\sihost.exe
                              sihost.exe
                              1⤵
                                PID:3304
                              • C:\Windows\System32\smss.exe
                                \SystemRoot\System32\smss.exe 000000f4 00000084
                                1⤵
                                  PID:632
                                • C:\Windows\System32\smss.exe
                                  \SystemRoot\System32\smss.exe 000000dc 00000084
                                  1⤵
                                    PID:1392
                                  • C:\Windows\System32\smss.exe
                                    \SystemRoot\System32\smss.exe 000000c8 00000084
                                    1⤵
                                      PID:2892

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                                      Filesize

                                      1.2MB

                                      MD5

                                      5e4618aa614515ef71397d0032e5c3db

                                      SHA1

                                      318692bed43c2876260a43c23a3dfa570cf9be69

                                      SHA256

                                      16e51eb2b0380f88d59ddbe83da66dafb50951498b283717708273a535c81e92

                                      SHA512

                                      c7f8ac6ae27f8f53cd54cc680f4644e0c1ece392e8177ed0b2365dbf35e67787dca8134eb22c98a780f14c780233e2e93bf833b44e261aa5e46b13d5d0433bd6

                                      Download Submit

                                    • C:\ProgramData\trmrjvadsnmf\whrbuflqwhah.exe
                                      Filesize

                                      1.8MB

                                      MD5

                                      e89371f755b748bdd303134b0eaf8ea9

                                      SHA1

                                      ede64fa99dea78ca56d6b7995892d6c1f0116f2a

                                      SHA256

                                      ca5f6dff3e541dbebc198ceb1db70ea9241e0733b305cb8f6825f65e4582b9c4

                                      SHA512

                                      5261230f56d7e9d56506dbc7f8f6f96a9317d8583eb052bb94ac3d05765b27a6c3efeae3958f4da25ecea83183593321fc0b38e23ec85d52f08574b468bf7d2a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                      Filesize

                                      18KB

                                      MD5

                                      951d11675a25d5cbe4d460bf9269e6d6

                                      SHA1

                                      4e6e95fda7cd5e8cd947505d55bbbbe702a84fa1

                                      SHA256

                                      47695dd3514cc863f4a6e598649e9a75179aa2c7e5d50e547e4eab4b36ce3c64

                                      SHA512

                                      2e25d4009581f9e01e9481567b0dfd6da4b511c703a7a7f39a04856ddf38e5ad17f6e2c12d611c84e12283ec53cd7410559ccd5630510dd962abcf8b1c192ef1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y5mzipsz.det.ps1
                                      Filesize

                                      60B

                                      MD5

                                      d17fe0a3f47be24a6453e9ef58c94641

                                      SHA1

                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                      SHA256

                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                      SHA512

                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Miner.exe
                                      Filesize

                                      5.0MB

                                      MD5

                                      dfd54d06b95a37bc065cc8332a7a1120

                                      SHA1

                                      a9089a44c8ef4ced5baf20647f7f7948a56f11bf

                                      SHA256

                                      1887aac5ad32583da835905ea60cab8c68727eebbfd6633ab1ad9d304df8271b

                                      SHA512

                                      be35f74a8f26db0d5e9eb83688abcf74377b1c463230dc8ca89fd91bea08506b77173ae9d6915c126dd95de5d5b6258c311c5fe164bcf2accbea3c3837682a5b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Miner.exe
                                      Filesize

                                      3.9MB

                                      MD5

                                      4c32e6a6948ebe144d8533ad6859f335

                                      SHA1

                                      2a7262c7b5b7a421b574005de28efc35bee8fa69

                                      SHA256

                                      2601c4d117a89e6bc867a66a184b79f6f2919827bd56ef2119a4bf18cdfefe91

                                      SHA512

                                      34e76ecc992729b7614eb9c9c0a2a4528cce7337d89c4bcd59c5c8932f86eb2cc430e42e6e3cdc6df07d2f6a4bbc345beac0842bcb2d9779b063254dbbfc4751

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Miner.exe
                                      Filesize

                                      3.4MB

                                      MD5

                                      2f3ec4f9298b428a81bd2831b4ebb94f

                                      SHA1

                                      f690c634efacda87e25b3cad1ebc3372721e5d46

                                      SHA256

                                      a8f2eac77fc10d3460b51f40100a1cef0465a6ec8cccc77b3ac4a613a6ecdd1b

                                      SHA512

                                      b64ed4e9a6a023e1dd0ce6999001b9a15b731f224ab67264e464abb283d59531b7b265af0d59792c0561066faf6343cb034ffa2c7885b3604e68e295901d1dc0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Shortcutter.exe
                                      Filesize

                                      50KB

                                      MD5

                                      4ce8fc5016e97f84dadaf983cca845f2

                                      SHA1

                                      0d6fb5a16442cf393d5658a9f40d2501d8fd725c

                                      SHA256

                                      f4da7f22e8eb28cfd8ecb0c3fdc8923b2ba5c5e96b917cbcf53b6bbed1c22551

                                      SHA512

                                      4adeb4774ca136a085bc92cf6f02aa340f927ae12e1db90e8a2be69ef045611d333904ef5714c876ab03f8bcc52ee0140e724bd1659b9cf9eacf0a7d6a7bdd46

                                      Download Submit

                                    • C:\Windows\System32\catroot2\dberr.txt
                                      Filesize

                                      19KB

                                      MD5

                                      44a203acf78db40991cdc253ae1b9ed8

                                      SHA1

                                      9654680d9e8fb51c1ddf77e2762b9418d467ce83

                                      SHA256

                                      5447a277e0672043936132b60b3d1730c9274f00253268ac0e63a581aa54be07

                                      SHA512

                                      72eab58b481fbdfafb25ed33ec97ffd3cb226bc77b82dbe1b3e31ba359d1ec73c9dbafc8f5f128b3514ad9055b3c38656772c632cf5d496943d7c5320700fe8d

                                      Download Submit

                                    • memory/388-128-0x00000288319C0000-0x00000288319EB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/388-119-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/388-116-0x00000288319C0000-0x00000288319EB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/392-156-0x0000019241BD0000-0x0000019241BFB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/392-150-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/392-138-0x0000019241BD0000-0x0000019241BFB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/528-134-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/528-130-0x000002B4E0DA0000-0x000002B4E0DCB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/528-158-0x000002B4E0DA0000-0x000002B4E0DCB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/632-118-0x000002832EE90000-0x000002832EEBB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/632-106-0x000002832EE90000-0x000002832EEBB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/632-105-0x000002832EE60000-0x000002832EE84000-memory.dmp

                                      Filesize

                                      144KB

                                      Download

                                    • memory/688-111-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/688-108-0x000001A6C93A0000-0x000001A6C93CB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/688-124-0x000001A6C93A0000-0x000001A6C93CB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/700-58-0x00000000075F0000-0x000000000760A000-memory.dmp

                                      Filesize

                                      104KB

                                      Download

                                    • memory/700-40-0x00000000062E0000-0x00000000062FE000-memory.dmp

                                      Filesize

                                      120KB

                                      Download

                                    • memory/700-56-0x0000000007300000-0x00000000073A3000-memory.dmp

                                      Filesize

                                      652KB

                                      Download

                                    • memory/700-59-0x0000000007660000-0x000000000766A000-memory.dmp

                                      Filesize

                                      40KB

                                      Download

                                    • memory/700-60-0x0000000007880000-0x0000000007916000-memory.dmp

                                      Filesize

                                      600KB

                                      Download

                                    • memory/700-55-0x00000000068A0000-0x00000000068BE000-memory.dmp

                                      Filesize

                                      120KB

                                      Download

                                    • memory/700-45-0x0000000075150000-0x000000007519C000-memory.dmp

                                      Filesize

                                      304KB

                                      Download

                                    • memory/700-44-0x00000000072C0000-0x00000000072F2000-memory.dmp

                                      Filesize

                                      200KB

                                      Download

                                    • memory/700-74-0x0000000007820000-0x0000000007831000-memory.dmp

                                      Filesize

                                      68KB

                                      Download

                                    • memory/700-43-0x000000007F370000-0x000000007F380000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/700-42-0x0000000004E60000-0x0000000004E70000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/700-41-0x0000000006320000-0x000000000636C000-memory.dmp

                                      Filesize

                                      304KB

                                      Download

                                    • memory/700-77-0x0000000073B60000-0x0000000074310000-memory.dmp

                                      Filesize

                                      7.7MB

                                      Download

                                    • memory/700-57-0x0000000007C30000-0x00000000082AA000-memory.dmp

                                      Filesize

                                      6.5MB

                                      Download

                                    • memory/700-39-0x0000000005D00000-0x0000000006054000-memory.dmp

                                      Filesize

                                      3.3MB

                                      Download

                                    • memory/700-82-0x0000000007850000-0x000000000785E000-memory.dmp

                                      Filesize

                                      56KB

                                      Download

                                    • memory/700-83-0x0000000007860000-0x0000000007874000-memory.dmp

                                      Filesize

                                      80KB

                                      Download

                                    • memory/700-29-0x0000000005C90000-0x0000000005CF6000-memory.dmp

                                      Filesize

                                      408KB

                                      Download

                                    • memory/700-28-0x0000000005BB0000-0x0000000005C16000-memory.dmp

                                      Filesize

                                      408KB

                                      Download

                                    • memory/700-27-0x0000000005AD0000-0x0000000005AF2000-memory.dmp

                                      Filesize

                                      136KB

                                      Download

                                    • memory/700-88-0x0000000007940000-0x000000000795A000-memory.dmp

                                      Filesize

                                      104KB

                                      Download

                                    • memory/700-26-0x00000000054A0000-0x0000000005AC8000-memory.dmp

                                      Filesize

                                      6.2MB

                                      Download

                                    • memory/700-25-0x0000000004E60000-0x0000000004E70000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/700-24-0x0000000004E60000-0x0000000004E70000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/700-101-0x0000000073B60000-0x0000000074310000-memory.dmp

                                      Filesize

                                      7.7MB

                                      Download

                                    • memory/700-94-0x0000000007930000-0x0000000007938000-memory.dmp

                                      Filesize

                                      32KB

                                      Download

                                    • memory/700-21-0x0000000002CF0000-0x0000000002D26000-memory.dmp

                                      Filesize

                                      216KB

                                      Download

                                    • memory/700-22-0x0000000073B60000-0x0000000074310000-memory.dmp

                                      Filesize

                                      7.7MB

                                      Download

                                    • memory/968-123-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/968-115-0x0000018F307D0000-0x0000018F307FB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/968-136-0x0000018F307D0000-0x0000018F307FB000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/968-139-0x00007FF9F578D000-0x00007FF9F578E000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/968-151-0x00007FF9F578C000-0x00007FF9F578D000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/1032-159-0x0000017CEA360000-0x0000017CEA38B000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/1032-155-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/1032-149-0x0000017CEA360000-0x0000017CEA38B000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/2892-87-0x0000000140000000-0x000000014002B000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/2892-86-0x0000000140000000-0x000000014002B000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/2892-93-0x00007FF9F3DB0000-0x00007FF9F3E6E000-memory.dmp

                                      Filesize

                                      760KB

                                      Download

                                    • memory/2892-85-0x0000000140000000-0x000000014002B000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/2892-102-0x0000000140000000-0x000000014002B000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/2892-92-0x00007FF9F56F0000-0x00007FF9F58E5000-memory.dmp

                                      Filesize

                                      2.0MB

                                      Download

                                    • memory/2892-91-0x0000000140000000-0x000000014002B000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/2892-89-0x0000000140000000-0x000000014002B000-memory.dmp

                                      Filesize

                                      172KB

                                      Download

                                    • memory/3536-191-0x000001B26A120000-0x000001B26A13C000-memory.dmp

                                      Filesize

                                      112KB

                                      Download

                                    • memory/3536-176-0x000001B26A030000-0x000001B26A0E5000-memory.dmp

                                      Filesize

                                      724KB

                                      Download

                                    • memory/3536-234-0x000001B26A100000-0x000001B26A10A000-memory.dmp

                                      Filesize

                                      40KB

                                      Download

                                    • memory/3536-241-0x000001B26A110000-0x000001B26A118000-memory.dmp

                                      Filesize

                                      32KB

                                      Download

                                    • memory/3536-249-0x00007FF9D4F50000-0x00007FF9D5A11000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/3536-182-0x000001B26A0F0000-0x000001B26A0FA000-memory.dmp

                                      Filesize

                                      40KB

                                      Download

                                    • memory/3536-243-0x000001B26A140000-0x000001B26A146000-memory.dmp

                                      Filesize

                                      24KB

                                      Download

                                    • memory/3536-239-0x000001B26A160000-0x000001B26A17A000-memory.dmp

                                      Filesize

                                      104KB

                                      Download

                                    • memory/3536-110-0x00007FF9D4F50000-0x00007FF9D5A11000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/3536-175-0x000001B26A010000-0x000001B26A02C000-memory.dmp

                                      Filesize

                                      112KB

                                      Download

                                    • memory/3536-165-0x00007FF479E90000-0x00007FF479EA0000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/3536-245-0x000001B26A150000-0x000001B26A15A000-memory.dmp

                                      Filesize

                                      40KB

                                      Download

                                    • memory/3536-246-0x000001B269AF0000-0x000001B269B00000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/3536-122-0x000001B269AF0000-0x000001B269B00000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/3536-160-0x000001B269AF0000-0x000001B269B00000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4000-19-0x000002274F460000-0x000002274F472000-memory.dmp

                                      Filesize

                                      72KB

                                      Download

                                    • memory/4000-152-0x00007FF9D4F50000-0x00007FF9D5A11000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/4000-20-0x00007FF9D4F50000-0x00007FF9D5A11000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/4000-23-0x00000227699E0000-0x00000227699F0000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4000-75-0x00007FF9D4F50000-0x00007FF9D5A11000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/4000-113-0x00000227699E0000-0x00000227699F0000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/5004-61-0x00007FF9D4F50000-0x00007FF9D5A11000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/5004-62-0x0000026F78080000-0x0000026F78090000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/5004-73-0x0000026F78080000-0x0000026F78090000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/5004-72-0x0000026F782C0000-0x0000026F782E2000-memory.dmp

                                      Filesize

                                      136KB

                                      Download

                                    • memory/5004-76-0x0000026F78080000-0x0000026F78090000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/5004-78-0x0000026F78080000-0x0000026F78090000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/5004-81-0x00007FF9D4F50000-0x00007FF9D5A11000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download