Analysis

  • max time kernel
    143s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/04/2024, 21:44

General

  • Target

    CompatibilityCheck.exe

  • Size

    37KB

  • MD5

    0c84829a79c06e88510607526990391e

  • SHA1

    63970a42f5b779c1f0f8d95d493317917b0bd46d

  • SHA256

    6f9b61794c9169a8860fb74e2cc0253b0bc283327b6485f799265f702a67c921

  • SHA512

    85638191fee2b456e601487aff23bc5dccbfd24e74970e5f1d8fbdad633a3d31208887f682debf1fd2abcec6e36c50e74b6da30c660dfa0bc0471e7ef8c98f40

  • SSDEEP

    384:p6hCpb2iKrL4y4Oo49qylTKbWstSXHasW4TkrAF+rMRTyN/0L+EcoinblneHQM3Y:oCdi/s89ZlTKtSK94YrM+rMRa8NuS2t

Score
8/10

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops autorun.inf file 1 TTPs 5 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 7 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Gathers network information 2 TTPs 1 IoCs

    Uses a command-line utility to view the network configuration.

  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 4 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

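The "Drops autorun.inf file" signature above is the worm-style spreading mechanism. What follows is an added example, not code from the report or from the sample: it parses an autorun.inf and lists every directive that would execute something. The autorun.inf text inside it is constructed (the report records that an autorun.inf is dropped, not its contents), and the launched name "COM Surrogate.exe" is assumed from the dropped executable. Since the 2011 AutoRun hardening (KB971029) Windows honours autorun.inf only on optical media, so on current hosts the file is mostly an indicator of intent and a hazard to legacy systems, but it is still worth pulling from every volume the infected host touched.

```python
r"""Flag autorun.inf files that would launch a payload from a removable volume.

Added example, not code from the sandbox report. SAMPLE is constructed; its launch
target "COM Surrogate.exe" is assumed from the dropped executable. The directive
names (open, shellexecute, shell\<verb>\command) are the documented AutoRun keys.
"""
import re
from typing import Dict, List

# Directives whose value Windows runs directly when AutoRun is honoured.
EXEC_KEYS = {"open", "shellexecute"}
# shell\<verb>\command re-points Explorer's Open/Explore verbs for the volume, so
# the payload also runs on a double-click of the drive icon.
VERB_COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command$")
SECTION_RE = re.compile(r"^\[(.+?)\]$")

# Constructed autorun.inf in the style worms write it: mixed-case section and keys,
# a junk line and a duplicate key to trip up naive string matching.
SAMPLE = r"""[AutoRun]
;padding comment
!!@@##$$%%^^&&** not a directive
OPEN="COM Surrogate.exe"
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\command="COM Surrogate.exe"
shell\explore\command="COM Surrogate.exe"
open=setup.exe
useautoplay=1
"""


def parse_autorun(text: str) -> Dict[str, str]:
    """Key/value pairs of the [autorun] section, keys lower-cased.

    Only key=value lines inside the section are kept; blank lines, ';' comments
    and junk are skipped, and a key's first value wins over later duplicates.
    """
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        section = SECTION_RE.match(line)
        if section:
            in_section = section.group(1).strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key and key not in entries:
            entries[key] = value.strip()
    return entries


def launch_target(value: str) -> str:
    """The program a directive launches: the quoted span if quoted, else the first token."""
    value = value.strip()
    quoted = re.match(r'^"([^"]*)"', value)
    if quoted:
        return quoted.group(1)
    return value.split()[0] if value else ""


def execution_directives(entries: Dict[str, str]) -> List[str]:
    """Every directive that would execute something, as 'key -> target'."""
    return [
        f"{key} -> {launch_target(value)}"
        for key, value in entries.items()
        if key in EXEC_KEYS or VERB_COMMAND_RE.match(key)
    ]


def analyze(text: str) -> List[str]:
    """Parse an autorun.inf and return its execution directives (empty = nothing launched)."""
    return execution_directives(parse_autorun(text))


if __name__ == "__main__":
    for hit in analyze(SAMPLE):
        print(hit)
```

The parser deliberately tolerates garbage: worm-written autorun.inf files are often padded with binary junk and comment lines so that a byte-exact signature misses them, while Windows' INI reader still finds the `[autorun]` section and its `open=` line.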
Processes

  • C:\Users\Admin\AppData\Local\Temp\CompatibilityCheck.exe
    "C:\Users\Admin\AppData\Local\Temp\CompatibilityCheck.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1004
    • C:\ProgramData\COM Surrogate.exe
      "C:\ProgramData\COM Surrogate.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops autorun.inf file
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4996
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\ProgramData\COM Surrogate.exe" "COM Surrogate.exe" ENABLE
        3⤵
        • Modifies Windows Firewall
        PID:4072
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /F /IM SecHealthUI.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4080
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4228
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:5052
  • C:\ProgramData\COM Surrogate.exe
    "C:\ProgramData\COM Surrogate.exe"
    1⤵
    • Executes dropped EXE
    PID:5016
  • C:\ProgramData\COM Surrogate.exe
    "C:\ProgramData\COM Surrogate.exe"
    1⤵
    • Executes dropped EXE
    PID:4728
  • C:\Windows\System32\msdt.exe
    "C:\Windows\System32\msdt.exe" -skip TRUE -id NetworkDiagnosticsNetworkAdapter -ep NetworkDiagnosticsPNI
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:876
  • C:\Windows\System32\sdiagnhost.exe
    C:\Windows\System32\sdiagnhost.exe -Embedding
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5940
    • C:\Windows\system32\netsh.exe
      "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter AdapterGuid={492807CF-4C1C-4B46-B759-3B07CD93BC18}
      2⤵
      PID:6132
    • C:\Windows\system32\netsh.exe
      "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter AdapterGuid={492807CF-4C1C-4B46-B759-3B07CD93BC18}
      2⤵
      PID:1544
    • C:\Windows\system32\ipconfig.exe
      "C:\Windows\system32\ipconfig.exe" /all
      2⤵
      • Gathers network information
      PID:5184
    • C:\Windows\system32\ROUTE.EXE
      "C:\Windows\system32\ROUTE.EXE" print
      2⤵
      PID:5220
    • C:\Windows\system32\makecab.exe
      "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
      2⤵
      PID:5252
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
    1⤵
    • Drops file in System32 directory
    • Checks processor information in registry
    PID:3776
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:3564
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
    1⤵
    PID:4372
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:2292
  • C:\ProgramData\COM Surrogate.exe
    "C:\ProgramData\COM Surrogate.exe"
    1⤵
    • Executes dropped EXE
    PID:5752
  • C:\ProgramData\COM Surrogate.exe
    "C:\ProgramData\COM Surrogate.exe"
    1⤵
    • Executes dropped EXE
    PID:5836
  • C:\ProgramData\COM Surrogate.exe
    "C:\ProgramData\COM Surrogate.exe"
    1⤵
    • Executes dropped EXE
    PID:5872

Reading the tree: the sample's own activity is the first tree. CompatibilityCheck.exe (PID 1004) writes a copy of itself to C:\ProgramData\COM Surrogate.exe (the dropped file listed under Downloads carries the same hashes as the submitted sample) and starts it (PID 4996); the copy places a startup file, registers a Run key, drops autorun.inf, adds itself to the firewall allow list through netsh (PID 4072) and kills SecHealthUI.exe, the Windows Security app (PID 4080). The file name borrows "COM Surrogate", the description Task Manager shows for the legitimate C:\Windows\System32\dllhost.exe, and the CLR_v2.0_32 usage log under Downloads shows the copy is a 32-bit .NET (CLR 2.0) executable. The later top-level COM Surrogate.exe instances (PIDs 5016, 4728, 5752, 5836, 5872) are re-launches of that copy whose parent is not recorded here. The remaining top-level trees are Windows components: taskmgr.exe, the rundll32.exe SHCreateLocalServerRunDll host, the msdt.exe/sdiagnhost.exe tree (the built-in Network Diagnostics troubleshooter, whose staged package appears under Downloads as the SDIAG_* scripts, NetworkConfiguration.cab and the NetTraces .etl) and the DPS/WDI/Netman service hosts. The report does not record whether the sample or the sandbox triggered the troubleshooter, so none of those files is sample payload.

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\COM Surrogate.exe
    Filesize
    37KB
    MD5
    0c84829a79c06e88510607526990391e
    SHA1
    63970a42f5b779c1f0f8d95d493317917b0bd46d
    SHA256
    6f9b61794c9169a8860fb74e2cc0253b0bc283327b6485f799265f702a67c921
    SHA512
    85638191fee2b456e601487aff23bc5dccbfd24e74970e5f1d8fbdad633a3d31208887f682debf1fd2abcec6e36c50e74b6da30c660dfa0bc0471e7ef8c98f40

  • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1612347604\2024042821.000\NetworkDiagnostics.debugreport.xml
    Filesize
    205KB
    MD5
    07dc521514357d3bb72c4f0e506913e0
    SHA1
    f1fb3b0f4266386cfcb9876cffa61acbb26ec2b1
    SHA256
    4a9b16b6e962544ab435c55a37c81b910976fb15d372997acb8594419e22c8ef
    SHA512
    e21df883683add8b6ad811923fb6c53023da98e733f71d9ec0771c7a0816ba8076861e5093ed7014d2c721e4f84abaced27ab7f5067eada1711ec494b77ca0c2

  • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1612347604\2024042821.000\results.xsl
    Filesize
    47KB
    MD5
    310e1da2344ba6ca96666fb639840ea9
    SHA1
    e8694edf9ee68782aa1de05470b884cc1a0e1ded
    SHA256
    67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
    SHA512
    62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\COM Surrogate.exe.log
    Filesize
    319B
    MD5
    da4fafeffe21b7cb3a8c170ca7911976
    SHA1
    50ef77e2451ab60f93f4db88325b897d215be5ad
    SHA256
    7341a4a13e81cbb5b7f39ec47bb45f84836b08b8d8e3ea231d2c7dad982094f7
    SHA512
    0bc24b69460f31a0ebc0628b99908d818ee85feb7e4b663271d9375b30cced0cd55a0bbf8edff1281a4c886ddf4476ffc989c283069cdcb1235ffcb265580fc6

  • C:\Users\Admin\AppData\Local\Microsoft\NetTraces\NdfSession-04282024-2146.etl
    Filesize
    192KB
    MD5
    40b9af2b06be8c5d09014724d1731840
    SHA1
    3b92f8523cf8785899a7572a2a3e8de049161d12
    SHA256
    ae977dca9352710f690206b576f7db5e0a50606f81da162050df4bcd1ca44931
    SHA512
    d2dfc665f211e10f5076cde91176a06cdb6cc24651dde449f7cb2651389d8a2e57d90e699c65e6dd2488def7a8853f1a77abfc4f331e73e0370c91f88dcecd56

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eid4qyrl.qvv.ps1
    Filesize
    60B
    MD5
    d17fe0a3f47be24a6453e9ef58c94641
    SHA1
    6ab83620379fc69f80c0242105ddffd7d98d5d9d
    SHA256
    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
    SHA512
    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • C:\Users\Admin\AppData\Local\Temp\tmpD0D8.tmp\NetworkConfiguration.cab
    Filesize
    1KB
    MD5
    d856aef2bf338d81efd990d1e5bb592d
    SHA1
    185745cf605d0ee7ff62af8e183bef093f375c7c
    SHA256
    6e5a68e5e1cc500d16153b5389865f69ed7f7ff82599aa6d5d37b6b0930054ac
    SHA512
    607d9015f60c3dc1b1807046e7e2456a1843cc18287336c749421721e18e4f03e1bc7ca8ef06d65918b7ab8d6aeb04611c2f0c25cedab07518f88dbcecb7f8fc

  • C:\Users\Admin\AppData\Local\Temp\tmpD0D8.tmp\NetworkConfiguration.ddf
    Filesize
    231B
    MD5
    00848049d4218c485d9e9d7a54aa3b5f
    SHA1
    d1d5f388221417985c365e8acaec127b971c40d0
    SHA256
    ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e
    SHA512
    3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

  • C:\Users\Admin\AppData\Local\Temp\tmpD0D8.tmp\ipconfig.all.txt
    Filesize
    1KB
    MD5
    e8854e671204751608ed66bd5e0d5da5
    SHA1
    8ca9d5851d60c8fc7fae9e2f75b419de74c5993e
    SHA256
    e89ff7b50aaa91700c7d5496309e8ca2efe8e0ce82235f7fc56ad6de02da17a6
    SHA512
    79c5e415a341c350b7ad8c4fb701667f004ab17d307574ae512aea48507e3c3bc091fe97979c97f6144411a3a75b8704309bb2f4cf06e9d93d9ff12695fb58cb

  • C:\Users\Admin\AppData\Local\Temp\tmpD0D8.tmp\route.print.txt
    Filesize
    4KB
    MD5
    d28ad02413c40387ea3651c129ec3498
    SHA1
    cb6c7224a125dc06a1b6ee6dcdb05db83935d8ec
    SHA256
    72dac253d8ff513154c735511c97f213411ffbf3bf8db5f59d22e493f551ff78
    SHA512
    dcf1d076f640beb2a391ef79fb6ec15d473d0c859d79d1120c6a66acce08938993810e9dec5231efcd6f0e5ff8be7f24aa362ff99e60d00352e17ca531e0b4e2

  • C:\Users\Admin\AppData\Local\Temp\tmpD0D8.tmp\setup.inf
    Filesize
    978B
    MD5
    78fb2abcc7034ae36debb48d724dfb02
    SHA1
    848eeaf76435b7349b794ef66d3e2d5040c6286d
    SHA256
    6a525835a04aeb5088d88b1637e15b680445328d84d38b6efe050b79bf30b7df
    SHA512
    5ff625f23c53c70337408279bc7245fd1f12c362725e009d396e1654689d2509c31375fddda6bedc30cda68694f6ea605f58a44b4bd3dbbfa5d343d995b1d164

  • C:\Users\Admin\AppData\Local\Temp\tmpD0D8.tmp\setup.rpt
    Filesize
    283B
    MD5
    f4aec6c7039635ab7aab94a991c13c57
    SHA1
    2d18c57400f14ddf014c1c2c3d1d6ce8c4e700d5
    SHA256
    8f0d389937307c5ac58d93374494c8cbea70ee32a89b980a525d2310a0f2a860
    SHA512
    18eafb888964a255d33b922703cb47cc29d773ec5a3842edd55036201c33d59e2bc8486edbf9cbe07aee398c4b557e300bbcaf610e92f08201c8dac5adfeec7b

  • C:\Windows\TEMP\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\NetworkDiagnosticsResolve.ps1
    Filesize
    11KB
    MD5
    d213491a2d74b38a9535d616b9161217
    SHA1
    bde94742d1e769638e2de84dfb099f797adcc217
    SHA256
    4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211
    SHA512
    5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104

  • C:\Windows\TEMP\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\NetworkDiagnosticsTroubleshoot.ps1
    Filesize
    25KB
    MD5
    d0cfc204ca3968b891f7ce0dccfb2eda
    SHA1
    56dad1716554d8dc573d0ea391f808e7857b2206
    SHA256
    e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a
    SHA512
    4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

  • C:\Windows\TEMP\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\NetworkDiagnosticsVerify.ps1
    Filesize
    10KB
    MD5
    9b222d8ec4b20860f10ebf303035b984
    SHA1
    b30eea35c2516afcab2c49ef6531af94efaf7e1a
    SHA256
    a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc
    SHA512
    8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67

  • C:\Windows\TEMP\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\StartDPSService.ps1
    Filesize
    567B
    MD5
    a660422059d953c6d681b53a6977100e
    SHA1
    0c95dd05514d062354c0eecc9ae8d437123305bb
    SHA256
    d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813
    SHA512
    26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

  • C:\Windows\TEMP\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\UtilityFunctions.ps1
    Filesize
    53KB
    MD5
    c912faa190464ce7dec867464c35a8dc
    SHA1
    d1c6482dad37720db6bdc594c4757914d1b1dd70
    SHA256
    3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201
    SHA512
    5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

  • C:\Windows\TEMP\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\UtilitySetConstants.ps1
    Filesize
    2KB
    MD5
    0c75ae5e75c3e181d13768909c8240ba
    SHA1
    288403fc4bedaacebccf4f74d3073f082ef70eb9
    SHA256
    de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
    SHA512
    8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

  • C:\Windows\TEMP\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\en-US\LocalizationData.psd1
    Filesize
    5KB
    MD5
    380768979618b7097b0476179ec494ed
    SHA1
    af2a03a17c546e4eeb896b230e4f2a52720545ab
    SHA256
    0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2
    SHA512
    b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

  • C:\Windows\Temp\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\DiagPackage.dll
    Filesize
    478KB
    MD5
    580dc3658fa3fe42c41c99c52a9ce6b0
    SHA1
    3c4be12c6e3679a6c2267f88363bbd0e6e00cac5
    SHA256
    5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2
    SHA512
    68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

  • C:\Windows\Temp\SDIAG_0879c3b7-68bd-440e-8c8f-9e8a18cbaf51\en-US\DiagPackage.dll.mui
    Filesize
    17KB
    MD5
    44c4385447d4fa46b407fc47c8a467d0
    SHA1
    41e4e0e83b74943f5c41648f263b832419c05256
    SHA256
    8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4
    SHA512
    191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

  • memory/1004-1-0x0000000074CC0000-0x0000000075271000-memory.dmp
    Filesize
    5.7MB

  • memory/1004-2-0x0000000000860000-0x0000000000870000-memory.dmp
    Filesize
    64KB

  • memory/1004-0-0x0000000074CC0000-0x0000000075271000-memory.dmp
    Filesize
    5.7MB

  • memory/1004-12-0x0000000074CC0000-0x0000000075271000-memory.dmp
    Filesize
    5.7MB

  • memory/3776-420-0x00000200B3100000-0x00000200B3110000-memory.dmp
    Filesize
    64KB

  • memory/3776-424-0x00000200B35A0000-0x00000200B35A1000-memory.dmp
    Filesize
    4KB

  • memory/4228-30-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-31-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-24-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-25-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-32-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-33-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-34-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-35-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-36-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4228-26-0x000002BE8F030000-0x000002BE8F031000-memory.dmp
    Filesize
    4KB

  • memory/4996-13-0x0000000074CC0000-0x0000000075271000-memory.dmp
    Filesize
    5.7MB

  • memory/4996-23-0x0000000074CC0000-0x0000000075271000-memory.dmp
    Filesize
    5.7MB

  • memory/5940-410-0x00000249FF0E0000-0x00000249FF102000-memory.dmp
    Filesize
    136KB