risepro | 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

Resubmissions

09-04-2024 08:32

240409-kfg77aaf85 10

09-04-2024 08:32

09-04-2024 08:32

09-04-2024 08:32

11-03-2024 08:03

10-03-2024 15:15

Analysis

max time kernel
600s
max time network
592s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FUCKER.exe
Size

10KB
MD5

2a94f3960c58c6e70826495f76d00b85
SHA1

e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
SHA256

2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
SHA512

fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f
SSDEEP

192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K

Score

10^/10

risepro xworm zgrat rat stealer trojan

Malware Config

Extracted

Family

xworm

94.156.8.213:58002

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/2112-329-0x00000000003E0000-0x00000000003F8000-memory.dmp	family_xworm

Detect ZGRat V1 34 IoCs

resource	yara_rule
behavioral1/memory/2804-76-0x0000000004E90000-0x00000000050DE000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-87-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-84-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-89-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-100-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-91-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-102-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-104-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-108-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-119-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-121-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-123-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-125-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-167-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-165-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-163-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-161-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-159-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-157-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-155-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-153-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-151-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-149-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-147-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-145-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-143-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-141-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-139-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-137-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-135-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-133-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-131-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-129-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1
behavioral1/memory/2804-127-0x0000000004E90000-0x00000000050D8000-memory.dmp	family_zgrat_v1

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
2804	amadycry.exe
1604	1234.exe
2336	Tester.exe
1568	LummaC2.exe
1348	Tinder%20Bot.exe
2112	svchost.exe

Loads dropped DLL 9 IoCs

pid	Process
1324	FUCKER.exe
1324	FUCKER.exe
1324	FUCKER.exe
1324	FUCKER.exe
1324	FUCKER.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
1324	FUCKER.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	Tester.exe
File opened for modification	C:\Windows\svchost.exe	Tester.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2656	1568	WerFault.exe	32

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2336	Tester.exe
2336	Tester.exe
2336	Tester.exe
2336	Tester.exe
2336	Tester.exe
1624	powershell.exe
1980	powershell.exe
2112	svchost.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	1324	FUCKER.exe
Token: SeDebugPrivilege	2804	amadycry.exe
Token: SeDebugPrivilege	2336	Tester.exe
Token: SeBackupPrivilege	1556	vssvc.exe
Token: SeRestorePrivilege	1556	vssvc.exe
Token: SeAuditPrivilege	1556	vssvc.exe
Token: SeDebugPrivilege	1624	powershell.exe
Token: SeDebugPrivilege	1980	powershell.exe
Token: SeDebugPrivilege	2112	svchost.exe
Token: SeDebugPrivilege	2112	svchost.exe
Token: SeDebugPrivilege	2112	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2112	svchost.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 2804	1324	FUCKER.exe	29
PID 1324 wrote to memory of 2804	1324	FUCKER.exe	29
PID 1324 wrote to memory of 2804	1324	FUCKER.exe	29
PID 1324 wrote to memory of 2804	1324	FUCKER.exe	29
PID 1324 wrote to memory of 1604	1324	FUCKER.exe	30
PID 1324 wrote to memory of 1604	1324	FUCKER.exe	30
PID 1324 wrote to memory of 1604	1324	FUCKER.exe	30
PID 1324 wrote to memory of 1604	1324	FUCKER.exe	30
PID 1324 wrote to memory of 2336	1324	FUCKER.exe	31
PID 1324 wrote to memory of 2336	1324	FUCKER.exe	31
PID 1324 wrote to memory of 2336	1324	FUCKER.exe	31
PID 1324 wrote to memory of 2336	1324	FUCKER.exe	31
PID 1324 wrote to memory of 1568	1324	FUCKER.exe	32
PID 1324 wrote to memory of 1568	1324	FUCKER.exe	32
PID 1324 wrote to memory of 1568	1324	FUCKER.exe	32
PID 1324 wrote to memory of 1568	1324	FUCKER.exe	32
PID 1568 wrote to memory of 2656	1568	LummaC2.exe	33
PID 1568 wrote to memory of 2656	1568	LummaC2.exe	33
PID 1568 wrote to memory of 2656	1568	LummaC2.exe	33
PID 1568 wrote to memory of 2656	1568	LummaC2.exe	33
PID 1324 wrote to memory of 1348	1324	FUCKER.exe	34
PID 1324 wrote to memory of 1348	1324	FUCKER.exe	34
PID 1324 wrote to memory of 1348	1324	FUCKER.exe	34
PID 1324 wrote to memory of 1348	1324	FUCKER.exe	34
PID 2336 wrote to memory of 1624	2336	Tester.exe	41
PID 2336 wrote to memory of 1624	2336	Tester.exe	41
PID 2336 wrote to memory of 1624	2336	Tester.exe	41
PID 2336 wrote to memory of 1980	2336	Tester.exe	43
PID 2336 wrote to memory of 1980	2336	Tester.exe	43
PID 2336 wrote to memory of 1980	2336	Tester.exe	43
PID 1584 wrote to memory of 2112	1584	taskeng.exe	46
PID 1584 wrote to memory of 2112	1584	taskeng.exe	46
PID 1584 wrote to memory of 2112	1584	taskeng.exe	46

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\FUCKER.exe
"C:\Users\Admin\AppData\Local\Temp\FUCKER.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Users\Admin\AppData\Local\Temp\Files\amadycry.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\amadycry.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2804
- C:\Users\Admin\AppData\Local\Temp\Files\1234.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\1234.exe"
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Users\Admin\AppData\Local\Temp\Files\Tester.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\Tester.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\svchost.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1624
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1980
- C:\Users\Admin\AppData\Local\Temp\Files\LummaC2.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\LummaC2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 124
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2656
- C:\Users\Admin\AppData\Local\Temp\Files\Tinder%20Bot.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\Tinder%20Bot.exe"
  2⤵
  - Executes dropped EXE
  PID:1348

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1556

C:\Windows\system32\taskeng.exe
taskeng.exe {1C063F52-03B5-47D2-AFAB-AB4AF95D4E87} S-1-5-21-3787592910-3720486031-2929222812-1000:HSNHLVYA\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\svchost.exe
  C:\Windows\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\LummaC2.exe

Filesize
290KB

MD5
fd9d245c5ab2238d566259492d7e9115

SHA1
3e6db027f3740874dced4d50e0babe0a71f41c00

SHA256
8839e1ba21fa6606dd8a69d32dd023b8a0d846fcafe32ba4e222cd558364e171

SHA512
7231260db7c3ec553a87e6f4e3e57c50effc2aefa2240940c257bf74c8217085c59a4846b0de0bdd615b302a64df9a7566ec0a436d56b902e967d3d90c6fe935

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\Tester.exe

Filesize
267KB

MD5
0803c1aec008e75859877844cfa81492

SHA1
16924d5802ddf76a2096fcfade0ce06d4c0670bd

SHA256
d5ab98bd209db0ed18272fe616ea4b8be34fd13d36116d25793fa7aa6f8b33e3

SHA512
9001e77da2562652ae51bdb3b8b9bfe686d0ed0c4eb8d338b20b7c4eb6eb8e90a4fae01d8212b1908037d5ff456e982500e4907686c38e5c33e969d55ba914d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9C66.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
08d8863d66556cbb747f2ce3945aeeaa

SHA1
20d37da03cc7160f6df14a4c6235860a49f4b3a8

SHA256
281a25b9ee03f95679b0fb203a0fb0c52729692a879e4344544270b44c5f48c4

SHA512
fd1492130f39892e1742e2eed16378af495ec9c0523e5ffb581b06c58c0bd21e92d27d21e6b5d6d1f48baa2b0387da8f5c33cad9307cfb648c9d26a420a8798b

Download Submit
\Users\Admin\AppData\Local\Temp\Files\1234.exe

Filesize
1.3MB

MD5
5e13199a94cf8664e5bfbe2f68d4738e

SHA1
8cfaa21f68226ae775615f033507b5756f5ccacc

SHA256
71b320a5d9456acc43494213dcd1f4ae8b7f6e27a15ac80cb42df5f19f692ec5

SHA512
b7b682717cd49b9fff9885c85f1421050613559308aa7160dee7ce493d5bff126c8157727d8f88fdfd602092203c64ab0dbff718b7ce7af9f9f2ad8375d703b5

Download Submit
\Users\Admin\AppData\Local\Temp\Files\Tinder%20Bot.exe

Filesize
2.6MB

MD5
88c8facd138c9f9ce9f81be8796a3ba1

SHA1
2166a4cf5f5a9a6c324e4a6c8e5812093b15cc99

SHA256
346eae7ef7ffed41c2f3f18beafe2bb6692a94323700f0cade748ba83e55eb34

SHA512
f984cddf2a0c78e2dfda727b00b3a0d285661e2172616b220382f2c83b972dc2a5c2a6ce6e9417dfb2dcff0f2e419a849b0a40b89965503c78edebd318740629

Download Submit
\Users\Admin\AppData\Local\Temp\Files\amadycry.exe

Filesize
2.3MB

MD5
90c738cebe2f8dda5d53e777ad286a43

SHA1
58daf4a99c9c148f38b3e6173d5f7ac01bcfaf16

SHA256
d0f7fb07005ab151b76ab0cd9f5b45a7d319fb3273044c2f5b66a491c6161f9e

SHA512
7b77c041a5e1548403db8f749c90209a5bb4a8c1c178003d7af2641f94e1745b6e89abadfed441dd41c492cd134863afb57353a918d94ce308b2884cfdf29620

Download Submit
memory/1324-0-0x0000000000DB0000-0x0000000000DB8000-memory.dmp

Filesize
32KB

Download
memory/1324-288-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download
memory/1324-2-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/1324-1-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download
memory/1348-289-0x0000000000C70000-0x0000000000F06000-memory.dmp

Filesize
2.6MB

Download
memory/1348-290-0x000007FEF4CC0000-0x000007FEF56AC000-memory.dmp

Filesize
9.9MB

Download
memory/1348-293-0x000007FEF4CC0000-0x000007FEF56AC000-memory.dmp

Filesize
9.9MB

Download
memory/1568-281-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/1624-301-0x0000000002B14000-0x0000000002B17000-memory.dmp

Filesize
12KB

Download
memory/1624-303-0x000007FEECD10000-0x000007FEED6AD000-memory.dmp

Filesize
9.6MB

Download
memory/1624-299-0x000000001B450000-0x000000001B732000-memory.dmp

Filesize
2.9MB

Download
memory/1624-300-0x0000000001DE0000-0x0000000001DE8000-memory.dmp

Filesize
32KB

Download
memory/1624-302-0x000007FEECD10000-0x000007FEED6AD000-memory.dmp

Filesize
9.6MB

Download
memory/1624-304-0x0000000002B10000-0x0000000002B90000-memory.dmp

Filesize
512KB

Download
memory/1980-312-0x000007FEEC370000-0x000007FEECD0D000-memory.dmp

Filesize
9.6MB

Download
memory/1980-319-0x000007FEEC370000-0x000007FEECD0D000-memory.dmp

Filesize
9.6MB

Download
memory/1980-311-0x0000000002610000-0x0000000002618000-memory.dmp

Filesize
32KB

Download
memory/1980-310-0x000000001B100000-0x000000001B3E2000-memory.dmp

Filesize
2.9MB

Download
memory/1980-318-0x0000000002490000-0x0000000002510000-memory.dmp

Filesize
512KB

Download
memory/1980-313-0x0000000002490000-0x0000000002510000-memory.dmp

Filesize
512KB

Download
memory/1980-314-0x000007FEEC370000-0x000007FEECD0D000-memory.dmp

Filesize
9.6MB

Download
memory/1980-315-0x0000000002490000-0x0000000002510000-memory.dmp

Filesize
512KB

Download
memory/2112-326-0x000007FEF42D0000-0x000007FEF4CBC000-memory.dmp

Filesize
9.9MB

Download
memory/2112-327-0x0000000001040000-0x000000000108A000-memory.dmp

Filesize
296KB

Download
memory/2112-328-0x000000001AFF0000-0x000000001B070000-memory.dmp

Filesize
512KB

Download
memory/2112-329-0x00000000003E0000-0x00000000003F8000-memory.dmp

Filesize
96KB

Download
memory/2112-330-0x000007FEF42D0000-0x000007FEF4CBC000-memory.dmp

Filesize
9.9MB

Download
memory/2112-331-0x000000001AFF0000-0x000000001B070000-memory.dmp

Filesize
512KB

Download
memory/2336-212-0x0000000000AC0000-0x0000000000B0A000-memory.dmp

Filesize
296KB

Download
memory/2336-322-0x000007FEF4CC0000-0x000007FEF56AC000-memory.dmp

Filesize
9.9MB

Download
memory/2336-317-0x000007FEF4CC0000-0x000007FEF56AC000-memory.dmp

Filesize
9.9MB

Download
memory/2336-292-0x000000001AFE0000-0x000000001B060000-memory.dmp

Filesize
512KB

Download
memory/2336-280-0x000007FEF4CC0000-0x000007FEF56AC000-memory.dmp

Filesize
9.9MB

Download
memory/2804-108-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-131-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-129-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-127-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-133-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-135-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-137-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-139-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-141-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-143-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-145-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-147-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-149-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-151-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-153-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-155-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-157-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-159-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-161-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-163-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-165-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-167-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-125-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-123-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-121-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-119-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-316-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download
memory/2804-104-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-102-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-91-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-100-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-89-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-84-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-87-0x0000000004E90000-0x00000000050D8000-memory.dmp

Filesize
2.3MB

Download
memory/2804-76-0x0000000004E90000-0x00000000050DE000-memory.dmp

Filesize
2.3MB

Download
memory/2804-70-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download
memory/2804-69-0x0000000000A40000-0x0000000000C94000-memory.dmp

Filesize
2.3MB

Download