081b2455cbf464eee43082d023137137eaf43b7a6e1f475feeb75b7cdaaa4cac

Analysis

max time kernel
142s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sora - OpenAi v1.1/Sora - OpenAi Beta v.1.1.exe
Size

153KB
MD5

37932fd952d6d845927f25f42cb3c628
SHA1

d0d7e1b7cfb13a0999ef4c4733b83275a1de2440
SHA256

cb807472bb6d4d1113fcbc209d6a08fa80ff9e53c83b1aa37f9d6f549affd68c
SHA512

403dce223d9cbb4241f21a773cfc55501e4141b161c3ba60397c75d533c3abbd420a8f526f6aac7f2a0a5b7b91361ed013641f0d40afc00680428db3c1dbb49b
SSDEEP

1536:UJSV1Mq4KjdA0ejIB+7YeEsczbruUdwpiOpiq3hlV:UJKMq4KjdA0ejIB2sbbiUqhrV

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
behavioral2/files/0x0007000000023418-114.dat	patched_upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation	Sora - OpenAi Beta v.1.1.exe

Executes dropped EXE 5 IoCs

pid	Process
4264	php.exe
2368	rhc.exe
3852	php.exe
3464	rhc.exe
2800	php.exe

Loads dropped DLL 45 IoCs

pid	Process
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
4264	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
3852	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe
2800	php.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2820	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1544	powershell.exe
1544	powershell.exe
3852	php.exe
3852	php.exe
2800	php.exe
2800	php.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2820	vlc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1544	powershell.exe

Suspicious use of FindShellTrayWindow 24 IoCs

pid	Process
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe
2820	vlc.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 928	2792	Sora - OpenAi Beta v.1.1.exe	85
PID 2792 wrote to memory of 928	2792	Sora - OpenAi Beta v.1.1.exe	85
PID 5044 wrote to memory of 2820	5044	explorer.exe	88
PID 5044 wrote to memory of 2820	5044	explorer.exe	88
PID 2792 wrote to memory of 4264	2792	Sora - OpenAi Beta v.1.1.exe	93
PID 2792 wrote to memory of 4264	2792	Sora - OpenAi Beta v.1.1.exe	93
PID 2792 wrote to memory of 4264	2792	Sora - OpenAi Beta v.1.1.exe	93
PID 4264 wrote to memory of 3864	4264	php.exe	95
PID 4264 wrote to memory of 3864	4264	php.exe	95
PID 4264 wrote to memory of 3864	4264	php.exe	95
PID 3864 wrote to memory of 1544	3864	cmd.exe	96
PID 3864 wrote to memory of 1544	3864	cmd.exe	96
PID 3864 wrote to memory of 1544	3864	cmd.exe	96
PID 2368 wrote to memory of 3852	2368	rhc.exe	98
PID 2368 wrote to memory of 3852	2368	rhc.exe	98
PID 2368 wrote to memory of 3852	2368	rhc.exe	98
PID 3852 wrote to memory of 1036	3852	php.exe	100
PID 3852 wrote to memory of 1036	3852	php.exe	100
PID 3852 wrote to memory of 1036	3852	php.exe	100
PID 3464 wrote to memory of 2800	3464	rhc.exe	105
PID 3464 wrote to memory of 2800	3464	rhc.exe	105
PID 3464 wrote to memory of 2800	3464	rhc.exe	105
PID 2800 wrote to memory of 4632	2800	php.exe	107
PID 2800 wrote to memory of 4632	2800	php.exe	107
PID 2800 wrote to memory of 4632	2800	php.exe	107

C:\Users\Admin\AppData\Local\Temp\Sora - OpenAi v1.1\Sora - OpenAi Beta v.1.1.exe
"C:\Users\Admin\AppData\Local\Temp\Sora - OpenAi v1.1\Sora - OpenAi Beta v.1.1.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" "C:\Users\Admin\AppData\Local\Temp\Sora - OpenAi v1.1\__MACOSX\img\PlayVideoFull.mp4"
  2⤵
  PID:928
- C:\ProgramData\ContentData\php.exe
  "C:\ProgramData\ContentData\php.exe" C:\ProgramData\ContentData\include.php
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4264
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c "PowerShell -c "Get-Date -Format 'yyyy-MM-dd HH:mm:ss'""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3864
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      PowerShell -c "Get-Date -Format 'yyyy-MM-dd HH:mm:ss'"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1544

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Sora - OpenAi v1.1\__MACOSX\img\PlayVideoFull.mp4"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2820

C:\ProgramData\ContentData\rhc.exe
C:\ProgramData\ContentData\rhc.exe php.exe index.php
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2368
- C:\ProgramData\ContentData\php.exe
  php.exe index.php
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3852
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c ""C:\ProgramData\CloudData\rhc.exe" "C:\ProgramData\CloudData\python.exe" "C:\ProgramData\CloudData\main.py""
    3⤵
    PID:1036

C:\ProgramData\ContentData\rhc.exe
C:\ProgramData\ContentData\rhc.exe php.exe index.php
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3464
- C:\ProgramData\ContentData\php.exe
  php.exe index.php
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c ""C:\ProgramData\CloudData\rhc.exe" "C:\ProgramData\CloudData\python.exe" "C:\ProgramData\CloudData\main.py""
    3⤵
    PID:4632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ContentData\ext\php_bz2.dll

Filesize
64KB

MD5
2e83d3a008f9d9bf6c6785d4feba5c75

SHA1
cd634271c56ff3b6c4c141adadb724a581378410

SHA256
d1457076b72d629f0af7e98cd6fe5be4fb0b18fb9c15675f2995b4c5e88a8106

SHA512
09fd9dba3e625dc38ec4587478988252a2ad1916f395a6d84ade09ea1a5f6c2b1353f9cd80455c22d9a0a30285a197801b3dca29664dce43e125ede9f8f379a8

Download Submit
C:\ProgramData\ContentData\ext\php_com_dotnet.dll

Filesize
69KB

MD5
e6356bb0442e22f4c833c8f3faa12e54

SHA1
aa7867e7b0275e43b162a97ee9ff9417daa60887

SHA256
e7acc59480842e662351c2026f08ab67971ee33c34c663ce509a4c9473e643fa

SHA512
abdff0cac197d1fc73ddc74ce677556bd798e3e2c13f12eeb050785873dc43908f137d95f02f7eceac38dee39ed391b0b820837db97c7c0a96fa414c08ef7de1

Download Submit
C:\ProgramData\ContentData\ext\php_curl.dll

Filesize
393KB

MD5
c8cce26e1f5c4ebcaf7d4f6f9cf6f994

SHA1
b174076a6b26e160954572c675cce067ba6582c8

SHA256
05c99429e208bc9f345c791e16dd3f68ec628186d64e2acbc7f2f6dcc877bf11

SHA512
a078e5c1cb37857a8e4f1f8430823466a30b51e22b1136afeb4542091e17c79e278a4fc081dac9ad0f85cfd18a63333aec39ec272b1cbcf78037b85af2fa50df

Download Submit
C:\ProgramData\ContentData\ext\php_fileinfo.dll

Filesize
2.7MB

MD5
f53c9423bd798be924215b6d50dd57e1

SHA1
3453ae45f830d878825e739d1364dd8d9c657c6d

SHA256
1132e7e1cd973f0d44da001bc64ac36a061b69192c9d8ea175cd73e94100bcc0

SHA512
3b8e773321820e0a2e18532692ed027756e2c28ff2452c0e35caf3554e55d8a5510835be6916befd5cce74ea63b40c986e67f9251c722f5a7748a5795ef1a37e

Download Submit
C:\ProgramData\ContentData\ext\php_gd2.dll

Filesize
1.3MB

MD5
6b5a11b8724dbb00f921d0d3adddc0f8

SHA1
16736b897a691c1298eca0a9df70a82eac69c7f2

SHA256
ddc10933f9d057fbb929f59997f5913182ce928dc8ffad8963eed74c2ef50256

SHA512
729c2cea71d89177473f738e0b342817ce12508dde857b5eb1226ab7fb90d4c64a777a9ed04b083ce57c9129da916e062b1084ee93058593e99487ae4eab4da0

Download Submit
C:\ProgramData\ContentData\ext\php_ioncube.dll

Filesize
779KB

MD5
c57d5f4ec2992e6b06e891d09dcc3e32

SHA1
f1627024fe4a922a43e2163d77da987918635ca7

SHA256
4b6f679ab3da317ee310d5bd482b41a77f5ebf1fc0d514d3595c3d16db6e7327

SHA512
ed30da1c8950865c380b6d13468af1075e4161a052199ea77d071851d297c14c041e082377935d5a8deb3807df6a6bb375c63d3f017c91b425b63a22c82f6151

Download Submit
C:\ProgramData\ContentData\ext\php_mbstring.dll

Filesize
1.2MB

MD5
91e97c0ebbe5a7053b9396b1e376283d

SHA1
1906eae6644797e905a1f54c558e83c550440320

SHA256
6653e52f3a7d12afc5e1d5922a73d56a9d914864a1f882004e986ea210005b61

SHA512
3e4e03e4932cf3cdadbc29f0163e81ac430f94e4497f805b31cd0ab12e3975f8152347b78ab1efe1a1feb24101925e671585b8d7080316ac86f4a6d78de9e790

Download Submit
C:\ProgramData\ContentData\ext\php_openssl.dll

Filesize
86KB

MD5
7b404ba96f7f535fee77b97e0e45de2c

SHA1
3fa2897c6af4d9e2fa7d88748220816cd50c9e06

SHA256
673596e0945d61b3f5ff71d293ff8c2cc38464142bdde00387a87ea9af646aed

SHA512
10368f80234a6d7330616dc94d35238aa3215b3ae95e26ba5cde54eb2d99ce5585a138e2c8f97f52713809199eb15bf7b3555dd92ec9be0dbde0cabd118eb30f

Download Submit
C:\ProgramData\ContentData\ext\php_pdo_sqlite.dll

Filesize
475KB

MD5
233fa83055777dfc5602c15e049e381b

SHA1
d0d5bb591515a1a96e1acd486741c1b041517377

SHA256
8b46ab99dad214f30ff11daf08d6b77041165875a04b3d4dc16cdfcfe73ca625

SHA512
401143a7770e429289980b5ef072a630d3246806e77fcbcfa86aef1abbb447aa7b15b29b7a467824580f8c4c2de4ff897c8ed70386f965514ab309cdad14a5d0

Download Submit
C:\ProgramData\ContentData\include.php

Filesize
9KB

MD5
273bd3d5da3cfcf66b62c219138dff27

SHA1
171899a2b963ebef255551444a9eb8d1705278f8

SHA256
0d78ba7e8a43f92511616c5be20197a2ad2d78b108cd68cad9a8005fde7d80df

SHA512
a09a6b1932efdd5f201558eae93610c8936a3910b503d63b3a2500dbc0846f4599b22621170d98b285b37c53a16ebfe3e1dc4041697185439e0cbec2229e60ef

Download Submit
C:\ProgramData\ContentData\index.php

Filesize
10KB

MD5
e1829b8350d861ff3a3bce5f167a4db3

SHA1
4eb5fa60631706d97cb96dc90984bb7780820f8b

SHA256
996e0e86a18d0b129d48fac97ef3c7a74cfcdfca89f38ea24af92bddb07f7f74

SHA512
cdbb42cc36c639e3ea51c73659139c751018bf9b4e15a837842b25328e980c7d462619708adcbb6933b235c43c1fa4a4ac3e0a71c457719c3830d983759e34d4

Download Submit
C:\ProgramData\ContentData\libeay32.dll

Filesize
1.2MB

MD5
d02143376cdea15b313a398a4caf3735

SHA1
6ed82e6c999974154cccd1b0809e518bf234eafb

SHA256
fe5ceefedcec83d40bd63a7cc2d4ae4012b3f59f1098638056fdc1a477d405f7

SHA512
d9e9e547e21bf3ad0f4474e0d05132c36d4865b8e796dfce888b9f81f5332e3dfe9126988dce938564f1030d069f30d4b912285205f77977c1b4bfee68707624

Download Submit
C:\ProgramData\ContentData\libssh2.dll

Filesize
163KB

MD5
73f95c1b2a23be7a80aa75250b8f25ad

SHA1
20dcce600d126479bd2f0226ae4b8981ee1f147b

SHA256
ed0db696c2ae8b896eab6fd8c71e5fa4c88e6a90b98fffc354593288d59fe119

SHA512
5ee88e0b0215dc7c970e085068f24baf3d7d1df247e7ed56d052dfa20d7dfd603353f036daa0d60e1514277e27d49449fbd9708a5e1c690eb1b90699e7f0e42f

Download Submit
C:\ProgramData\ContentData\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\ProgramData\ContentData\openai.api

Filesize
88B

MD5
850952b67ab0c698657c3d908f559816

SHA1
e328f80fedc6c1208340f8ad775c3f350aa949d9

SHA256
fcfaf39e980b6fd20b1c27dae0565145b4e52dad257a780dcc2919800f8856b7

SHA512
b16f9d12d2b8fc6cd31fadd8397a56583bc2ea82ec2f333f85e8ad8ac4b83689cd0e5a2c7664129278f327d7df8b8a9df274ccbb8026e41a626abd1d13e01482

Download Submit
C:\ProgramData\ContentData\php.exe

Filesize
63KB

MD5
a1fe2fe70b38f91230cb5f4ca22b2c0c

SHA1
736bb400f69925493e4fb573e7222ac483ec3b32

SHA256
702d09e982e2af6bf5d828bb1d27bd3a48efcab7cf8837b023953354c4026550

SHA512
1cea0f50aceef5240c096bebf0d58f48e8b6313d71b0dd230b6aa465678e650c91e8e3ccecb7c73f7dc0c4a81eef5c3d14dbea1139543e2907ccca9e31d85dc3

Download Submit
C:\ProgramData\ContentData\php.ini

Filesize
70KB

MD5
dc20e139ccdcf3ab7037a18e52a00755

SHA1
a58c36fae35b20919ea214e17dae765c5a01b144

SHA256
9d2acec331a9e21ac406c8c469f68d943bca1503f9034a1bdd81664c993a9235

SHA512
91dc6e908af6f8f8d61473c03a71ed852cae80a3a5d480fd21fa44a8b4f156ed3194d6118b69376575e7e331c6bb249730ad34c0d54d987e981f105da31e2bb1

Download Submit
C:\ProgramData\ContentData\php5.dll

Filesize
6.7MB

MD5
0f9246f67611db06b9082a03e2680aba

SHA1
12d3ab77f06921aa9d7ebeda5410cc34455df7fa

SHA256
36179be42a85e363099ab57852f6fd1cd12e602e1475841ab169d13fc8955065

SHA512
d10d35febcbf0c036ae12be57cb168841e47f8f171a65b8b11ee625ced9ff0a33fcaa6467e690f8e9880bf8fdbb0f3dd77f5740453fea06ca8292dfdae86f0aa

Download Submit
C:\ProgramData\ContentData\rhc.exe

Filesize
1KB

MD5
abc6379205de2618851c4fcbf72112eb

SHA1
1ed7b1e965eab56f55efda975f9f7ade95337267

SHA256
22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f

SHA512
180c7f400dd13092b470e3a91bf02e98ef6247c1193bf349e3710e8d1e9003f3bc9b792bb776eacb746e9c67b3041f2333cc07f28c5f046d59274742230fb7c1

Download Submit
C:\ProgramData\ContentData\ssleay32.dll

Filesize
268KB

MD5
a24016af3e4cb13139f7904fd1fd847d

SHA1
60b61964b809de44090bdb7a2cc1b0ccf608bc24

SHA256
df5ca94869c6532d6db6c2aafddc4eab93e867670ce5964728248df68e07ce20

SHA512
227f9f16a4d5d683d3fea82390cc4cc07bb2eac6d8fad1aa41806aed4b825a5372f00bc284d73c2be5ad34e023bbd35cac901a4322ce911b998921a157eb934c

Download Submit
C:\ProgramData\machineId

Filesize
36B

MD5
77ec9abe8154fb7e510c38bf2fe8ae85

SHA1
3b2544b6a36f3da1a8fa0ae9afb0a646e9015dc2

SHA256
d5056c6af9e630d0daf6afe6c4238c4f862a33ae5ecb1d34a9178ab04169c541

SHA512
d9453fd088b2fdb3bc2e5ac2ee477eab3da856d4dc15c67dae021acddc6c929c72943f1ab4e94c7ff9e7e1c8194045b863c2694579b7b620d5281d66c175054c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m0zabaxz.tir.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1544-147-0x0000000006AE0000-0x0000000006AFA000-memory.dmp

Filesize
104KB

Download
memory/1544-138-0x0000000005F90000-0x0000000005FF6000-memory.dmp

Filesize
408KB

Download
memory/1544-126-0x0000000003030000-0x0000000003066000-memory.dmp

Filesize
216KB

Download
memory/1544-129-0x0000000002B80000-0x0000000002B90000-memory.dmp

Filesize
64KB

Download
memory/1544-150-0x0000000073C30000-0x00000000743E0000-memory.dmp

Filesize
7.7MB

Download
memory/1544-128-0x0000000002B80000-0x0000000002B90000-memory.dmp

Filesize
64KB

Download
memory/1544-130-0x0000000005700000-0x0000000005D28000-memory.dmp

Filesize
6.2MB

Download
memory/1544-131-0x0000000005640000-0x0000000005662000-memory.dmp

Filesize
136KB

Download
memory/1544-132-0x0000000005E30000-0x0000000005E96000-memory.dmp

Filesize
408KB

Download
memory/1544-127-0x0000000073C30000-0x00000000743E0000-memory.dmp

Filesize
7.7MB

Download
memory/1544-143-0x0000000006210000-0x0000000006564000-memory.dmp

Filesize
3.3MB

Download
memory/1544-144-0x0000000006600000-0x000000000661E000-memory.dmp

Filesize
120KB

Download
memory/1544-145-0x0000000006990000-0x00000000069DC000-memory.dmp

Filesize
304KB

Download
memory/1544-146-0x0000000007C50000-0x00000000082CA000-memory.dmp

Filesize
6.5MB

Download
memory/2368-152-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2792-0-0x0000026410CB0000-0x0000026410CD8000-memory.dmp

Filesize
160KB

Download
memory/2792-175-0x00007FFCF9900000-0x00007FFCFA3C1000-memory.dmp

Filesize
10.8MB

Download
memory/2792-2-0x00007FFCF9900000-0x00007FFCFA3C1000-memory.dmp

Filesize
10.8MB

Download
memory/2792-1-0x0000026411090000-0x000002641109A000-memory.dmp

Filesize
40KB

Download
memory/2820-51-0x00007FFCFFF70000-0x00007FFCFFFD7000-memory.dmp

Filesize
412KB

Download
memory/2820-60-0x00007FFCF5ED0000-0x00007FFCF5F12000-memory.dmp

Filesize
264KB

Download
memory/2820-72-0x00007FFCF3910000-0x00007FFCF392B000-memory.dmp

Filesize
108KB

Download
memory/2820-73-0x00007FFCF38F0000-0x00007FFCF3902000-memory.dmp

Filesize
72KB

Download
memory/2820-74-0x00007FFCF38D0000-0x00007FFCF38E5000-memory.dmp

Filesize
84KB

Download
memory/2820-75-0x00007FFCF38B0000-0x00007FFCF38C3000-memory.dmp

Filesize
76KB

Download
memory/2820-71-0x00007FFCF3930000-0x00007FFCF3943000-memory.dmp

Filesize
76KB

Download
memory/2820-70-0x00007FFCF3950000-0x00007FFCF397A000-memory.dmp

Filesize
168KB

Download
memory/2820-69-0x00007FFCF3980000-0x00007FFCF3A86000-memory.dmp

Filesize
1.0MB

Download
memory/2820-79-0x00007FFCF3830000-0x00007FFCF3845000-memory.dmp

Filesize
84KB

Download
memory/2820-85-0x00007FFCF36F0000-0x00007FFCF3751000-memory.dmp

Filesize
388KB

Download
memory/2820-83-0x00007FFCF3780000-0x00007FFCF3791000-memory.dmp

Filesize
68KB

Download
memory/2820-84-0x00007FFCF3760000-0x00007FFCF3771000-memory.dmp

Filesize
68KB

Download
memory/2820-86-0x00007FFCF0000000-0x00007FFCF004E000-memory.dmp

Filesize
312KB

Download
memory/2820-82-0x00007FFCF37A0000-0x00007FFCF37D8000-memory.dmp

Filesize
224KB

Download
memory/2820-87-0x00007FFCEFFA0000-0x00007FFCEFFF7000-memory.dmp

Filesize
348KB

Download
memory/2820-81-0x00007FFCF37E0000-0x00007FFCF380B000-memory.dmp

Filesize
172KB

Download
memory/2820-88-0x00007FFCF3590000-0x00007FFCF35A1000-memory.dmp

Filesize
68KB

Download
memory/2820-89-0x00007FFCF32B0000-0x00007FFCF32C7000-memory.dmp

Filesize
92KB

Download
memory/2820-68-0x00007FFCF3A90000-0x00007FFCF3AA3000-memory.dmp

Filesize
76KB

Download
memory/2820-80-0x00007FFCF3810000-0x00007FFCF3821000-memory.dmp

Filesize
68KB

Download
memory/2820-78-0x00007FFCF3850000-0x00007FFCF3865000-memory.dmp

Filesize
84KB

Download
memory/2820-77-0x00007FFCF3870000-0x00007FFCF3882000-memory.dmp

Filesize
72KB

Download
memory/2820-76-0x00007FFCF3890000-0x00007FFCF38A4000-memory.dmp

Filesize
80KB

Download
memory/2820-67-0x00007FFCF3AB0000-0x00007FFCF3AD3000-memory.dmp

Filesize
140KB

Download
memory/2820-65-0x00007FFCF3B00000-0x00007FFCF3DB0000-memory.dmp

Filesize
2.7MB

Download
memory/2820-64-0x00007FFCF3DB0000-0x00007FFCF3FF1000-memory.dmp

Filesize
2.3MB

Download
memory/2820-63-0x00007FFCF4000000-0x00007FFCF4057000-memory.dmp

Filesize
348KB

Download
memory/2820-29-0x00007FF635410000-0x00007FF635508000-memory.dmp

Filesize
992KB

Download
memory/2820-62-0x00007FFCF4060000-0x00007FFCF41CB000-memory.dmp

Filesize
1.4MB

Download
memory/2820-61-0x00007FFCF5E80000-0x00007FFCF5ECD000-memory.dmp

Filesize
308KB

Download
memory/2820-66-0x00007FFCF3AE0000-0x00007FFCF3AF5000-memory.dmp

Filesize
84KB

Download
memory/2820-59-0x00007FFCF5F20000-0x00007FFCF5F32000-memory.dmp

Filesize
72KB

Download
memory/2820-58-0x00007FFCF41D0000-0x00007FFCF43D6000-memory.dmp

Filesize
2.0MB

Download
memory/2820-57-0x00007FFCF0240000-0x00007FFCF1AAF000-memory.dmp

Filesize
24.4MB

Download
memory/2820-56-0x00007FFD00630000-0x00007FFD00647000-memory.dmp

Filesize
92KB

Download
memory/2820-55-0x00007FFCF43E0000-0x00007FFCF4560000-memory.dmp

Filesize
1.5MB

Download
memory/2820-53-0x00007FFD00650000-0x00007FFD00661000-memory.dmp

Filesize
68KB

Download
memory/2820-54-0x00007FFCFA810000-0x00007FFCFA867000-memory.dmp

Filesize
348KB

Download
memory/2820-52-0x00007FFCF5F40000-0x00007FFCF5FBC000-memory.dmp

Filesize
496KB

Download
memory/2820-50-0x00007FFD00670000-0x00007FFD006A0000-memory.dmp

Filesize
192KB

Download
memory/2820-49-0x00007FFD088A0000-0x00007FFD088B8000-memory.dmp

Filesize
96KB

Download
memory/2820-48-0x00007FFD090A0000-0x00007FFD090B1000-memory.dmp

Filesize
68KB

Download
memory/2820-47-0x00007FFD090C0000-0x00007FFD090DB000-memory.dmp

Filesize
108KB

Download
memory/2820-46-0x00007FFD090E0000-0x00007FFD090F1000-memory.dmp

Filesize
68KB

Download
memory/2820-44-0x00007FFD09120000-0x00007FFD09131000-memory.dmp

Filesize
68KB

Download
memory/2820-45-0x00007FFD09100000-0x00007FFD09111000-memory.dmp

Filesize
68KB

Download
memory/2820-43-0x00007FFD09230000-0x00007FFD09248000-memory.dmp

Filesize
96KB

Download
memory/2820-41-0x00007FFD09530000-0x00007FFD09571000-memory.dmp

Filesize
260KB

Download
memory/2820-42-0x00007FFD093C0000-0x00007FFD093E1000-memory.dmp

Filesize
132KB

Download
memory/2820-40-0x0000025811480000-0x0000025812530000-memory.dmp

Filesize
16.7MB

Download
memory/2820-39-0x00007FFCF5610000-0x00007FFCF581B000-memory.dmp

Filesize
2.0MB

Download
memory/2820-32-0x00007FFD09960000-0x00007FFD09978000-memory.dmp

Filesize
96KB

Download
memory/2820-33-0x00007FFD09800000-0x00007FFD09817000-memory.dmp

Filesize
92KB

Download
memory/2820-36-0x00007FFD095C0000-0x00007FFD095D1000-memory.dmp

Filesize
68KB

Download
memory/2820-37-0x00007FFD095A0000-0x00007FFD095BD000-memory.dmp

Filesize
116KB

Download
memory/2820-38-0x00007FFD09580000-0x00007FFD09591000-memory.dmp

Filesize
68KB

Download
memory/2820-34-0x00007FFD097E0000-0x00007FFD097F1000-memory.dmp

Filesize
68KB

Download
memory/2820-35-0x00007FFD097C0000-0x00007FFD097D7000-memory.dmp

Filesize
92KB

Download
memory/2820-31-0x00007FFCF5FC0000-0x00007FFCF6276000-memory.dmp

Filesize
2.7MB

Download
memory/2820-30-0x00007FFD0B3D0000-0x00007FFD0B404000-memory.dmp

Filesize
208KB

Download
memory/3852-164-0x0000000001B90000-0x0000000001BBC000-memory.dmp

Filesize
176KB

Download
memory/4264-111-0x0000000002A70000-0x0000000002A9C000-memory.dmp

Filesize
176KB

Download