Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

svchost_du...py.exe

windows7-x64

8

svchost_du...py.exe

windows10-1703-x64

8

svchost_du...py.exe

windows10-2004-x64

8

svchost_du...py.exe

windows11-21h2-x64

8

Resubmissions

12/04/2024, 13:32

240412-qtgfpsag84 8

12/04/2024, 13:32

240412-qtc4aaag83 8

12/04/2024, 13:32

240412-qtcshsag82 8

12/04/2024, 13:32

240412-qtb6zsag79 8

12/04/2024, 13:32

240412-qtbkfsdh4s 8

09/04/2024, 05:34

240409-f9mmjsbc9t 8

09/04/2024, 05:33

240409-f9bkaabc8w 8

09/04/2024, 05:33

240409-f86n2abc71 8

09/04/2024, 05:33

240409-f8wh3afh27 8

01/02/2024, 11:29

240201-nlq9tsebck 10

Analysis

  • max time kernel
    1200s
  • max time network
    1197s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 05:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    svchost_dump_SCY - Copy.exe

  • Size

    5.2MB

  • MD5

    5fd3d21a968f4b8a1577b5405ab1c36a

  • SHA1

    710e5ab0fceb71b982b966c3a7406ebdf1d2aa82

  • SHA256

    7ac7b42889e14cbd8c7cebe692566ca045d0034f9ff103fc3ef9c5e035dc594f

  • SHA512

    085a31c0412ba0a3d612a66ec8d95ce900e148240f92f9ec8c4d07b6c8e32cf233e92aefc7b4b53a91f5eacacd1cf3a8fcdf8cd7c206afa46014a9e4a9ddf53f

  • SSDEEP

    98304:jgoX+R+gW1CkQFBAFGspWvuL136BRiGQiiyBrDbnh57cpbJLyns:coXxFGWL56BVrDbn77cjIs

Score
8/10
evasion

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 14 IoCs
    evasion
  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 12 IoCs
  • Drops file in System32 directory 18 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\svchost_dump_SCY - Copy.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost_dump_SCY - Copy.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Windows\System32\Wbem\WMIC.exe
      WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2592
    • C:\Windows\System32\netsh.exe
      "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
      2⤵
      • Modifies Windows Firewall
      PID:1636
    • C:\Windows\System32\netsh.exe
      "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
      2⤵
      • Modifies Windows Firewall
      PID:2552
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2416
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2660
    • C:\Windows\system32\schtasks.exe
      schtasks /delete /TN "Timer"
      2⤵
        PID:2788
      • C:\Windows\system32\schtasks.exe
        schtasks /create /sc minute /ED "11/02/2024" /mo 7 /tn "Timer" /tr c:\windows\system\svchost.exe /ru SYSTEM
        2⤵
        • Creates scheduled task(s)
        PID:544
      • C:\Windows\System\svchost.exe
        "C:\Windows\System\svchost.exe" formal
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1612
        • C:\Windows\System32\Wbem\WMIC.exe
          WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2748
        • C:\Windows\System32\netsh.exe
          "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
          3⤵
          • Modifies Windows Firewall
          PID:1900
        • C:\Windows\System32\netsh.exe
          "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
          3⤵
          • Modifies Windows Firewall
          PID:1872
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1464
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2244
        • C:\Users\Admin\AppData\Local\Temp\~tl57D.tmp
          C:\Users\Admin\AppData\Local\Temp\~tl57D.tmp
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1964
          • C:\Windows\system32\netsh.exe
            netsh int ipv4 set dynamicport tcp start=1025 num=64511
            4⤵
              PID:884
            • C:\Windows\System32\netsh.exe
              "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
              4⤵
              • Modifies Windows Firewall
              PID:1676
            • C:\Windows\System32\netsh.exe
              "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
              4⤵
              • Modifies Windows Firewall
              PID:2104
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1596
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:2648
            • C:\Windows\system32\schtasks.exe
              schtasks /delete /TN "Timer"
              4⤵
                PID:2816
              • C:\Windows\system32\schtasks.exe
                schtasks /create /sc minute /ED "11/02/2024" /mo 7 /tn "Timer" /tr c:\windows\system\svchost.exe /ru SYSTEM
                4⤵
                • Creates scheduled task(s)
                PID:2440
              • C:\Windows\System\svchost.exe
                "C:\Windows\System\svchost.exe" formal
                4⤵
                • Executes dropped EXE
                PID:652
        • C:\Windows\system32\taskeng.exe
          taskeng.exe {370C3B2F-E85D-4143-8BEC-12F7D0A5BC7E} S-1-5-18:NT AUTHORITY\System:Service:
          1⤵
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2408
          • \??\c:\windows\system\svchost.exe
            c:\windows\system\svchost.exe
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            PID:2724
            • C:\Windows\system32\netsh.exe
              netsh int ipv4 set dynamicport tcp start=1025 num=64511
              3⤵
              • Modifies data under HKEY_USERS
              PID:308
            • C:\Windows\System32\netsh.exe
              "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
              3⤵
              • Modifies Windows Firewall
              PID:2840
            • C:\Windows\System32\netsh.exe
              "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
              3⤵
              • Modifies Windows Firewall
              • Modifies data under HKEY_USERS
              PID:2732
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
              3⤵
              • Drops file in System32 directory
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              PID:1516
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
              3⤵
              • Drops file in System32 directory
              • Suspicious behavior: EnumeratesProcesses
              PID:2640
            • C:\Windows\TEMP\~tl6C4.tmp
              C:\Windows\TEMP\~tl6C4.tmp
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              PID:1068
              • C:\Windows\system32\netsh.exe
                netsh int ipv4 set dynamicport tcp start=1025 num=64511
                4⤵
                • Modifies data under HKEY_USERS
                PID:2232
              • C:\Windows\System32\netsh.exe
                "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
                4⤵
                • Modifies Windows Firewall
                PID:1060
              • C:\Windows\System32\netsh.exe
                "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
                4⤵
                • Modifies Windows Firewall
                • Modifies data under HKEY_USERS
                PID:2196
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
                4⤵
                • Drops file in System32 directory
                • Suspicious behavior: EnumeratesProcesses
                PID:1912
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
                4⤵
                • Drops file in System32 directory
                • Suspicious behavior: EnumeratesProcesses
                PID:1456
        • C:\Windows\system32\taskeng.exe
          taskeng.exe {BB5F83E3-E063-4FC5-9C88-D58142345155} S-1-5-18:NT AUTHORITY\System:Service:
          1⤵
          • Loads dropped DLL
          PID:3008
          • \??\c:\windows\system\svchost.exe
            c:\windows\system\svchost.exe
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            PID:1452
            • C:\Windows\system32\netsh.exe
              netsh int ipv4 set dynamicport tcp start=1025 num=64511
              3⤵
                PID:1996
              • C:\Windows\System32\netsh.exe
                "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
                3⤵
                • Modifies Windows Firewall
                • Modifies data under HKEY_USERS
                PID:1640
              • C:\Windows\System32\netsh.exe
                "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
                3⤵
                • Modifies Windows Firewall
                • Modifies data under HKEY_USERS
                PID:1768
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
                3⤵
                • Drops file in System32 directory
                • Suspicious behavior: EnumeratesProcesses
                PID:2760
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
                3⤵
                • Drops file in System32 directory
                • Suspicious behavior: EnumeratesProcesses
                PID:2216
              • C:\Windows\TEMP\~tl401C.tmp
                C:\Windows\TEMP\~tl401C.tmp
                3⤵
                • Executes dropped EXE
                • Drops file in System32 directory
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                PID:1188
                • C:\Windows\system32\netsh.exe
                  netsh int ipv4 set dynamicport tcp start=1025 num=64511
                  4⤵
                  • Modifies data under HKEY_USERS
                  PID:3064
                • C:\Windows\System32\netsh.exe
                  "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
                  4⤵
                  • Modifies Windows Firewall
                  • Modifies data under HKEY_USERS
                  PID:1660
                • C:\Windows\System32\netsh.exe
                  "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
                  4⤵
                  • Modifies Windows Firewall
                  • Modifies data under HKEY_USERS
                  PID:1900
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
                  4⤵
                  • Drops file in System32 directory
                  • Suspicious behavior: EnumeratesProcesses
                  PID:852
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
                  4⤵
                  • Drops file in System32 directory
                  • Suspicious behavior: EnumeratesProcesses
                  PID:652

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
            Filesize

            7KB

            MD5

            5c30577b7e8f38aa586bb2ae42aedbb4

            SHA1

            20f1a29b7931e738745b9f42e6012732ed9efe5b

            SHA256

            5e3c005ff479f854eec73bb2dd49562d4911a241f6053b9c8fa293fd3fe92ffb

            SHA512

            cef8e6a37e995f230c506dcf3732040c66d78581a4348b284efabe8947c5e705ceb3270ad1cf543283a3b21bb7eccb21e1eb47529296bcdddb55169bedcd1f31

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
            Filesize

            7KB

            MD5

            408a3906f286da816db7c9db54e12f94

            SHA1

            4e89b1f0307047c43957ee9ea97c816c6ace0529

            SHA256

            f9f0955a49df388500f353c2f0deac1c28e0a975992d0f23dd7b81fb86291664

            SHA512

            201cdc49cd8ab7126c93ea6c6ec03c1bc22f3c20f70aa3e90cc003b89c7937fd51414875f80d882ea045f9200e22bd5ed16dadd8b6aaaa0651f7fabab90cb7fc

            Download Submit

          • C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
            Filesize

            2.6MB

            MD5

            9bae03d3dc0f5cfd40507ee03ba5a765

            SHA1

            bbb2ea791c2e53e615f7c4b17246b4d465e6a4fe

            SHA256

            ff1af3cc0eff747f5425287eea2910d8d69cd9d30af5a90a41a03a023bb0313f

            SHA512

            2263b74eefd835f92a085f1b35e156b79c37996b1976d6b93ad94cfce8454411131d4b3dc1d3d3cee175b37d05433f3061060023219d7d3da86e034e510b7b81

            Download Submit

          • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
            Filesize

            6.4MB

            MD5

            1430c89ec309cf12802d8e723fe32c6e

            SHA1

            1f4b6ee07d47e827a4c3bd53784c8fa7b140c5c3

            SHA256

            5996c136d3e6ffffec826c881eda0a56d952d08a87d889fd3d76597615b080fb

            SHA512

            6942964e07560e288d2c0d53eb6bebbe0bc55fac881b60a7fb13bc9457dd724d5c72f9b22dd4d733c8321db2ae7c02cc96da91aef38fa935e07d18f847d4534c

            Download Submit

          • C:\Windows\System\svchost.exe
            Filesize

            385KB

            MD5

            e0a5211e22aa205f5c5c5042b0a572e4

            SHA1

            f645ec5db1ce143b38b72bb27942f78a74640e64

            SHA256

            984d7da9ef6efe325c7216c9b3d731200865a0bff5f2a8f288ebc9a6e6c5de1f

            SHA512

            74d071590695fda8108083745015d1f8e1d6ae5f66701d3be8cdc096c0e62ee4ec52c489fda2b8060db87ee09800ba819e2bc44955ee3775cbfafef5529ebe45

            Download Submit

          • \Users\Admin\AppData\Local\Temp\~tl57D.tmp
            Filesize

            385KB

            MD5

            e802c96760e48c5139995ffb2d891f90

            SHA1

            bba3d278c0eb1094a26e5d2f4c099ad685371578

            SHA256

            cb82ea45a37f8f79d10726a7c165aa5b392b68d5ac954141129c1762a539722c

            SHA512

            97300ac501be6b6ea3ac1915361dd472824fe612801cab8561a02c7df071b1534190d2d5ef872d89d24c8c915b88101e7315f948f53215c2538d661181e3a5f0

            Download Submit

          • \Windows\Temp\~tl6C4.tmp
            Filesize

            393KB

            MD5

            9dbdd43a2e0b032604943c252eaf634a

            SHA1

            9584dc66f3c1cce4210fdf827a1b4e2bb22263af

            SHA256

            33c53cd5265502e7b62432dba0e1b5ed702b5007cc79973ccd1e71b2acc01e86

            SHA512

            b7b20b06dac952a96eda254bad29966fe7a4f827912beb0bc66d5af5b302d7c0282d70c1b01ff782507dd03a1d58706f05cb157521c7f2887a43085ffe5f94d1

            Download Submit

          • \Windows\system\svchost.exe
            Filesize

            5.2MB

            MD5

            5fd3d21a968f4b8a1577b5405ab1c36a

            SHA1

            710e5ab0fceb71b982b966c3a7406ebdf1d2aa82

            SHA256

            7ac7b42889e14cbd8c7cebe692566ca045d0034f9ff103fc3ef9c5e035dc594f

            SHA512

            085a31c0412ba0a3d612a66ec8d95ce900e148240f92f9ec8c4d07b6c8e32cf233e92aefc7b4b53a91f5eacacd1cf3a8fcdf8cd7c206afa46014a9e4a9ddf53f

            Download Submit

          • memory/652-189-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/652-178-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/652-167-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1068-218-0x0000000140000000-0x0000000140170400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1068-219-0x0000000140000000-0x0000000140170400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1068-204-0x0000000140000000-0x0000000140170400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1068-201-0x0000000140000000-0x0000000140170400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1452-260-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1464-57-0x000007FEF4FC0000-0x000007FEF595D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1464-56-0x0000000002470000-0x00000000024F0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1464-60-0x000007FEF4FC0000-0x000007FEF595D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1464-58-0x000000000247B000-0x00000000024E2000-memory.dmp

            Filesize

            412KB

            Download

          • memory/1464-43-0x000000001B0D0000-0x000000001B3B2000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/1464-48-0x000007FEF4FC0000-0x000007FEF595D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1464-50-0x0000000002470000-0x00000000024F0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1464-49-0x00000000026E0000-0x00000000026E8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/1516-182-0x000007FEF5020000-0x000007FEF59BD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1516-184-0x0000000000980000-0x0000000000A00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1596-151-0x00000000029B0000-0x0000000002A30000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1596-141-0x000007FEF5180000-0x000007FEF5B1D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1596-142-0x00000000029B0000-0x0000000002A30000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1596-144-0x00000000029B0000-0x0000000002A30000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1596-143-0x000007FEF5180000-0x000007FEF5B1D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1596-153-0x000007FEF5180000-0x000007FEF5B1D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1612-125-0x0000000140000000-0x0000000140636000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/1612-63-0x000000001EC90000-0x000000001F172000-memory.dmp

            Filesize

            4.9MB

            Download

          • memory/1612-59-0x0000000140000000-0x0000000140636000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/1612-35-0x0000000140000000-0x0000000140636000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/1964-127-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1964-126-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1964-168-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1964-128-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1964-129-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2244-55-0x0000000002B80000-0x0000000002C00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2244-54-0x0000000002B80000-0x0000000002C00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2244-53-0x000007FEF4FC0000-0x000007FEF595D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2244-52-0x0000000002B80000-0x0000000002C00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2244-62-0x000007FEF4FC0000-0x000007FEF595D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2244-51-0x000007FEF4FC0000-0x000007FEF595D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2244-61-0x0000000002B80000-0x0000000002C00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2416-10-0x000000001B2C0000-0x000000001B5A2000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/2416-13-0x00000000024C0000-0x0000000002540000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2416-16-0x00000000024C0000-0x0000000002540000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2416-21-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2416-22-0x00000000024C0000-0x0000000002540000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2416-12-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2416-20-0x00000000024C0000-0x0000000002540000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2416-14-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2640-179-0x00000000012A0000-0x0000000001320000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2640-172-0x0000000019C90000-0x0000000019F72000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/2640-183-0x000007FEF5020000-0x000007FEF59BD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2640-181-0x00000000012A0000-0x0000000001320000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2640-177-0x000007FEF5020000-0x000007FEF59BD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2640-176-0x00000000009C0000-0x00000000009C8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2640-175-0x00000000012A0000-0x0000000001320000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2640-174-0x00000000012A0000-0x0000000001320000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2640-173-0x000007FEF5020000-0x000007FEF59BD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2648-148-0x00000000024FB000-0x0000000002562000-memory.dmp

            Filesize

            412KB

            Download

          • memory/2648-147-0x000007FEF5180000-0x000007FEF5B1D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2648-152-0x000007FEF5180000-0x000007FEF5B1D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2648-145-0x000007FEF5180000-0x000007FEF5B1D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2648-146-0x00000000024F0000-0x0000000002570000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2648-149-0x00000000024F4000-0x00000000024F7000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2660-17-0x0000000002A50000-0x0000000002AD0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2660-19-0x0000000002A5B000-0x0000000002AC2000-memory.dmp

            Filesize

            412KB

            Download

          • memory/2660-11-0x0000000002590000-0x0000000002598000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2660-15-0x000007FEF55B0000-0x000007FEF5F4D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2660-18-0x0000000002A50000-0x0000000002AD0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2724-169-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2724-190-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2724-200-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2724-162-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/3064-23-0x0000000140000000-0x0000000140636000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/3064-32-0x000000001EF80000-0x000000001F5B6000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/3064-34-0x000000001EF80000-0x000000001F5B6000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/3064-36-0x0000000140000000-0x0000000140636000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/3064-0-0x0000000140000000-0x0000000140636000-memory.dmp

            Filesize

            6.2MB

            Download