d312dd4594de24e3c0b5258cde070351a63d7d16dd373a01fee695c34db56191

Analysis

max time kernel
589s
max time network
592s
platform
windows10-1703_x64
resource
win10-20240404-it
resource tags

arch:x64arch:x86image:win10-20240404-itlocale:it-itos:windows10-1703-x64systemwindows
submitted
30-04-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

valchecker-main/updater.bat
Size

916B
MD5

e3e309fbacad4c207f87276b0bcf3047
SHA1

8b49e7896c9ba22f8f421a77e027dc35dd250399
SHA256

d364a73520cb64d6feb233d6f6e36815aaebedd3c626c22bc68b57b978af6f69
SHA512

b9b231fbd45018f39c58f86fe2000855b336e49d28fb08ac028974b7da1c01a54be9cb4d689eff611c93d6c29a3810f3191fd6b364e05ded40f555c4028ad7bb

Score

10^/10

pyinstaller

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/LIL-JABA/valchecker/archive/refs/heads/main.zip

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	4464	powershell.exe
4	4464	powershell.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral19/files/0x000700000001ac4b-188.dat	pyinstaller

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4464	powershell.exe
4464	powershell.exe
4464	powershell.exe
2288	powershell.exe
2288	powershell.exe
2288	powershell.exe
4492	powershell.exe
4492	powershell.exe
4492	powershell.exe
1680	powershell.exe
1680	powershell.exe
1680	powershell.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4464	powershell.exe
Token: SeDebugPrivilege	2288	powershell.exe
Token: SeDebugPrivilege	4492	powershell.exe
Token: SeDebugPrivilege	1680	powershell.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 792 wrote to memory of 4464	792	cmd.exe	74
PID 792 wrote to memory of 4464	792	cmd.exe	74
PID 792 wrote to memory of 2288	792	cmd.exe	75
PID 792 wrote to memory of 2288	792	cmd.exe	75
PID 792 wrote to memory of 1344	792	cmd.exe	76
PID 792 wrote to memory of 1344	792	cmd.exe	76
PID 792 wrote to memory of 4492	792	cmd.exe	77
PID 792 wrote to memory of 4492	792	cmd.exe	77
PID 792 wrote to memory of 1680	792	cmd.exe	78
PID 792 wrote to memory of 1680	792	cmd.exe	78

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\valchecker-main\updater.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:792
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell (New-Object System.Net.WebClient).Downloadfile('https://github.com/LIL-JABA/valchecker/archive/refs/heads/main.zip', 'valchecker-latest.zip')
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4464
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe Expand-Archive -Path valchecker-latest.zip -Force
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2288
- C:\Windows\system32\xcopy.exe
  xcopy /s "valchecker-latest/valchecker-main" "*" /Y
  2⤵
  PID:1344
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell Remove-Item -Path valchecker-latest.zip -Force
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4492
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell Remove-Item -Path valchecker-latest -Force -Recurse
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
56efdb5a0f10b5eece165de4f8c9d799

SHA1
fa5de7ca343b018c3bfeab692545eb544c244e16

SHA256
6c4e3fefc4faa1876a72c0964373c5fa08d3ab074eec7b1313b3e8410b9cb108

SHA512
91e50779bbae7013c492ea48211d6b181175bfed38bf4b451925d5812e887c555528502316bbd4c4ab1f21693d77b700c44786429f88f60f7d92f21e46ea5ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a3ccd2b56ba4a3e0a9eaad086e6f7143

SHA1
99f2fbf9c88d23cde219a0e5692e3f1a8e16b020

SHA256
092a2959846b56fd452b1061ceb3a4eee5664e614ac374e731233c00620b5de2

SHA512
a28bd479746832ccd12ccbc793f3f879a5f20535275beb33e1856ced6865fe0787cffe143a0bbe3b4f81e7300136105c169ceea905d7f0c3907f7b1b217cddb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c989ccd880dbfacd88150961d3305537

SHA1
4958271153a210834bf5fabca17e956dd1e29f43

SHA256
93047387bc7e04f03d91afc3c63ce90cf7eb54f1ca172815835b6ea527fda2da

SHA512
639ceeb0cad1aded2f064a25a6dbf04cec7dc97faaa43c4c0cf9029b1a2215c5ece76bb28233ec91afcfa3bfae91ee91b54cf523f0f9295b7719958e8345499f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f3495b8795a1735ec928869189c64b44

SHA1
e658f731bf603eed8f1bceb217bb904f62111cf6

SHA256
60713ddb90f13dbed61b7c93927606d8685a32657b0e102809e8a5cb2e4ccb63

SHA512
4a97b07b61dfd87a5c3e24fd6fed77b005d6fd69a1c6c26bb00165ff5c21ed5d4e8d9b9878df71bfe04aaeeb30e860f0d63507c555d8e7150c5458d160af76e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5go1sq1r.2q5.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\.gitignore

Filesize
28B

MD5
2b04eb3386039a72dc7afc5f7e93b75b

SHA1
0c78327a4e2f835aa4852ce8edda2a714ddf9037

SHA256
42d50f642d2c2bcc5d1d574927a3ccd6f6ae067eea6b54829f168277123dbcd5

SHA512
1c0f1b3510727fd7d28608570c21436ebd9de967cb20cc64b1b6cd2ea13a379e30ec4dc8b92ec24ec9f887c4949853f18f44c9d4bd4976befd2e287b6b1e7e69

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\LICENSE.md

Filesize
11KB

MD5
9499ad917f51cd7e29b4626891253a5d

SHA1
7a655d5f34f8497e26004221613ab31574125b06

SHA256
521e945df13470b05e190cac734405a5f2c4dee48285a6cadfc6e0844f7824d0

SHA512
6871ad5e9a2ab7a80ce54ccfa1331e265ff7628a685d59d9ea1b0b73e4d935416e9bf9428e86814a2684ecc7630e1fc69223b06fc55456e73f9ccde6ad61db0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\debug.bat

Filesize
41B

MD5
c89c88353815085085214278b2bff813

SHA1
a120cf6dd1c8c278b4dac9fe07c22f6c01b8cbc3

SHA256
266eb1c17c4ed74c02c51b68a78f92e67616fadcebc04bb56932495860f14977

SHA512
665fd9163593a7b7347612f10b5368189a96bbd240bc175ae7d634e95e5dc3205a53a1051412170c499793e8e571d9ea42cc201f8a054dcd55e3d8a158201a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\output\riot_limits.txt

Filesize
29KB

MD5
fa83132a40f8a1bb31b17977cbdbe360

SHA1
61c13a62e359657e82c5393e4d6c0cad0c0416ac

SHA256
17f6a564354077ae17b64fcaca9c2ac7f77719df3b797d9fca446d6e639f0377

SHA512
06b5f401f358eaa237e44982a59ea62e69c9506ad2fdf01b588aed0e9bbd14f09f12011e67d3419fdd7e6536d4b8adfcfed6ef2583b5f5d3f7c6c50cc3b58b79

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\proxy.txt

Filesize
218B

MD5
798bcb9072071c7300fe222567dc5c44

SHA1
8db1533a85c184191956e316ea00d6ff4b328cf6

SHA256
5bc0f609a03741afae60f666a40310e7081772f4fce3d60cc06865ce457d8adb

SHA512
9ddb4c100f6aa7fc7aa881a36b7c6a2581c7c6a00f4ebde15eb8d56d1c76dc18d7213e8f3ecd0ae5659cee3ab0687640304f9c3aab591e1705749c0bfe9731be

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\readme.md

Filesize
513B

MD5
a2111f9748ffcd9e064da5e79c388672

SHA1
ee56c7eecbc06873f0189d922cd171e8fc00e044

SHA256
fd5a2de073a6067cbc10fa2cbaf957426ab1e356be3c5db1a9a037c4ed5b3470

SHA512
cc01a6f6279a8d29bb14b6e7bd8b17befa7a71652a4d8cdd473ee001461cb5dbf12428f1e350ecc4a937375b237348bc3a545db00d6e565f7a39d2c81dc0cc58

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\requirements.txt

Filesize
61B

MD5
5db6fb88d88961137de1477a18f10df3

SHA1
2e697639109a943abd4869bf022318bc9013bd1d

SHA256
8edd17a066bbe2fb6a90cafb29611b7a8d259e989fb4a932b02d1cf15246c114

SHA512
8aa652c53b7042efdaa009e4dd4c749a497d0798f93c785a9216114baf08ea34d998b3957e7533ebf035bfdf7884f084c0d9f9bae2cba089954391157f543698

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\setup.bat

Filesize
49B

MD5
9513028fe29d3940f8e7aae033336478

SHA1
ccb59129f9ef54f6e8cbf1b0e4c9cad83a4efd27

SHA256
3f2113d172f1c84d63b4977680879df70ac6f2c40d9c43db9ffe1eac055d0b9a

SHA512
39889c81bbe3c2fa6eeabdb94b7bbe5f0f38f3987aac45b746b1478f1a632e92655b58eefd995ad35f2c56e8104223e65e137bbf49f55bc63b0d0a1c3f9081bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\assets\skins.json

Filesize
1.9MB

MD5
3b8af1192c29d50954b0e17b998ced29

SHA1
cb05c1e572a6de3e5954694b14f467128f487eef

SHA256
ab37a3afe807895316e4aaa2534576b1e8a6b88e93c8287fec8df7ab99d83813

SHA512
14520a080e1afc653757cbac57a83e5d31ab13509bfaab2097eb244ab360e744884923ccb4fc46d506a9cfe85117c2297c56566df53a1b5706c5ef04fa6ade36

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\PCSS.py

Filesize
5KB

MD5
2cf60fa75a7c92c264e56f4c094dce50

SHA1
1c1bbee2100ad2460bfee7be43fec78ab51c588a

SHA256
c3bc73fbe78440513d57dd4a85ae54c62ad5e426d67113a47e8e5ca0e046b1e5

SHA512
39a5ce6c9503a47dd1350a37d6245b75b563b367b0dd902fdd3e9b73935a2d813d81df5b954b0c7c7b38d11b37c5ebf864fb14448b8b9f11b7acd82b0f2ffec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\antipublic.py

Filesize
757B

MD5
73c99bf9db770d692daf38c51bc8d5a8

SHA1
c80544090c4b7ddf1da79ecf3a4d888d3fc41a52

SHA256
52700affc0f4ef06f42753a28d9acdacd39bc7696a3721233e9dcb17a47cb8db

SHA512
ac424ad7aac5a52ad5deca2ad9eb38f1d5252c763b2cc1b54d4ff9d2616bd06aeb321ead3e196ec27f4b616d157e8808ccc24e5026df5f987fe84bb275a11029

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\auth.py

Filesize
7KB

MD5
fba9a543d90117091227d26457898bb8

SHA1
897543bf0224ec92d9cf7e60edd394d2aa893d31

SHA256
ed1390b324ee62f7e0a2549bb17fc6998b6e118efbf775102a839029a61c735f

SHA512
eefb7dd9258ddd9c2326ed66bf30b410c39a26b1acd506210c288e3a0588a217b993fdf7c955b8708befa630c481d80e7b42d40264505c46a57a349497e149c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\checkers.py

Filesize
6KB

MD5
b70617141a69cc2ba835837c3b4cf8cf

SHA1
c041a77181872cc5b54ae13cb9127f731e863dbf

SHA256
3296269c3870e5d752bd621672548a4e5207a34640a78218adf7864691bd835c

SHA512
bc2af430c9051bc7eedb4234b0edffe1640a55228abff95113309931d27e9410e50032561eea43399c0583cb974c29a65056b4ca6879bd18ce3252410b27da1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\data.py

Filesize
11KB

MD5
9abebf6403cf7304bffc0cf2bff4da95

SHA1
9c29aaba5a4439f190818c35f0e4dfd61bbfc06a

SHA256
1bd5648350c45a7f7dffe6f3f3250d08de5d80d9a23f917dd7810fd26ac22bde

SHA512
ba97d0565eafe510a5e3176a491c5411db9ac042fd4949368de644304b3fe547110a435513dc702c44430be8892a8476305c7e19b8250773071c0c2fee80067a

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\fastcheck.py

Filesize
8KB

MD5
c791e29effc28a6f471b6a1050190ea9

SHA1
44f5a4c8d841ac811b196562aa4d2f4abd7f2e11

SHA256
ca4977375d29628feab10085397e5cbb9dbcb8b126f16c7fb5500f8f05720ede

SHA512
2c21e3d0a921852b1af8473e4ebe91b290659d2223d047b42b4625749b8dc7e2e96d2c2b9745f2a5f082f68d5611d3e5b10dfad7aa13d7a208ca86199a16799c

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\stuff.py

Filesize
1KB

MD5
c4c3219abffc7c52516c900972050fbf

SHA1
57c53750ef90bb120e52b2831ab83c26138df7b2

SHA256
bc125f246247bf737bcdc9dc5650dfec24017167bdf7b5dcabdcea6855e85658

SHA512
78b3dcf6f739d6a34d30ac2b474572701f3fb3ea795823c7cd2bdc64292368a84deeb1d92e0fc97fc75399f1b6939365fd9a7099890f6055aae4eaa911f44e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\systems.py

Filesize
15KB

MD5
a27ab2e3215bb3e8a6b9a0643e8ade2d

SHA1
2b0b25d8784ffc17f8bbf87e7b44afdbee4eec5c

SHA256
ee016c372eae58081625bc8595e5820ce27d8453dff84a78e80ee670e13aa513

SHA512
1139f02f7703fc1b2c35525959d4957ccefe07bf81626825b5e1280c80de8038760a8149ad369ffd390e4b548c26857c67eab3e0b8d65fab7731e5205453fee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\codeparts\validsort.py

Filesize
7KB

MD5
4f0abe54c85a869ad43d5e5f626adb40

SHA1
2abf03b810ebc89c5dfaa05d5725c219799ed6fe

SHA256
c32766fccefc71c7d5ba3221cc6a790a93cc95b1203544ee85a35bc015c43f88

SHA512
6f0679abae5d014569f3e606dda49727690bad01cec4166ad9281f0a23f8f8e4d02306e29e1e6c7a38fd88335c6338cc35680eadaa1c49359281042c4c77799b

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\main.py

Filesize
7KB

MD5
de02bbbba0104c8f90e47cb555ddcdc2

SHA1
a52d063213c34fac6cf8ff8cd46c5d3cf7597827

SHA256
9e054a8ac87ac3baeff231bb4ff91efb3d1ea1018073b14ac9fd2558f5b9173c

SHA512
d815c68b79469a456c30f3832cc3c6c11cb6a55af9b31cd5b00363eb89d01f49a98f93429e8da7aa16a9c0ce8a95996523e7eee446baf11a84b7abcab9047eb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\system\settings.json

Filesize
205B

MD5
fe48fe76758a6f0435ea71dda4b962f5

SHA1
30c96ecafad0be50b624ae550c1bc8432647304f

SHA256
71c62860d973305b00ce28241eb1117bf95182f666ec92e5cf1be09f6df16052

SHA512
5c42be6ef55b3c3c87afaf4e10e5354d710c85bce8ec515dab1becb3baa359ceab31602b2ac4c0476e0e7cbcbde8780fda72c060b37b5f703c6f5cfbe9ca104f

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\src\system\ver.txt

Filesize
6B

MD5
d228f4c33f89bac9e506ae921d33a9ff

SHA1
4f658c2c4d3c9b857901f7cde64770a344f9b1e1

SHA256
eb9489a30efd5916f501adcc204c9d82a5f67fcd957dc3f1d43f34510cd07301

SHA512
162608a72ea880a9a98b041674e49367c164d89e6fd046d8993d5649bf2e58241f207e1b1b4f4abcd9681779d16dd02d49c1d6a7b296c9f51f9535c961693a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\start.bat

Filesize
38B

MD5
4b535df2ccac4eb6326f1b013f7b5a58

SHA1
76c5682afe3891fd5687b1c0bd19eadf5603099c

SHA256
898e93f6525b1cfc1c55634d3e75ae4c7dc37545be808198514fd67e4039cb06

SHA512
559718299fc59d077365907ad21a7d1f0484419547a560729e5625ea5ed12a909312b67340631e1c2488c1da2c125d6eefdbcf54fb20325f3a9c1fe4250fd1d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\updater.bat

Filesize
916B

MD5
e3e309fbacad4c207f87276b0bcf3047

SHA1
8b49e7896c9ba22f8f421a77e027dc35dd250399

SHA256
d364a73520cb64d6feb233d6f6e36815aaebedd3c626c22bc68b57b978af6f69

SHA512
b9b231fbd45018f39c58f86fe2000855b336e49d28fb08ac028974b7da1c01a54be9cb4d689eff611c93d6c29a3810f3191fd6b364e05ded40f555c4028ad7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\valchecker-latest.zip

Filesize
5.8MB

MD5
05ec243d1c45c667f6ecad335ce17d5b

SHA1
7478ccf34504aadc1c4aad8551e803eb9e257d9a

SHA256
8f1e47e73901c11d7cbda5d1b99b0e06486ca474097a6c3cefb6853fdee61e99

SHA512
11b9b5de9fb7b4f598ab24c4b12969cabbdcb112b50a8dc36ee30c259ef1d42bc28a57bc6dbf365c20796744dcadd902f5f93da0cc09d2383982b97b5591ede6

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\valchecker-latest\valchecker-main\src\checker.py

Filesize
37KB

MD5
6203201d9dc3e10d0534e6a4983ac238

SHA1
4f866e45794363e543c1fc476619f23f15772ccc

SHA256
e0bd3a43e9de2b93b03e86e7f8343fdbedaf27d322db20d83beaadb2c478d64c

SHA512
292b41cf78b445fe368cdeaa3cc6781eff9a3eea2c1b0bcdc5623c22347ad2532399177e6535f83db92494df63e9a2b6de4815de9ab946028bd4e4baff3c0940

Download Submit
C:\Users\Admin\AppData\Local\Temp\valchecker-main\wifi_anywhere.exe

Filesize
5.7MB

MD5
4fb2ed1baf52e323acebb4aca3003e53

SHA1
5ce84718e911e1d3242fe27dd321245b88ef57eb

SHA256
c276362ccdd36a07c85bc88f601715a894c7e93c5ad41b2f4886574c5dec03db

SHA512
8f04f6cf2013f4211d36ce13f1f308c31adc241fec1cc74a3d5c23d8bd3b448836c1c58acb6c1365c5ae51fffec96316b14be5130eaeb388d2fc102a75171ae7

Download Submit
memory/2288-39-0x00007FFBFFE10000-0x00007FFC007FC000-memory.dmp

Filesize
9.9MB

Download
memory/2288-93-0x0000023B63320000-0x0000023B6332A000-memory.dmp

Filesize
40KB

Download
memory/2288-80-0x0000023B7BBC0000-0x0000023B7BBD2000-memory.dmp

Filesize
72KB

Download
memory/2288-148-0x00007FFBFFE10000-0x00007FFC007FC000-memory.dmp

Filesize
9.9MB

Download
memory/2288-62-0x0000023B7B810000-0x0000023B7B824000-memory.dmp

Filesize
80KB

Download
memory/2288-61-0x0000023B632E0000-0x0000023B632F0000-memory.dmp

Filesize
64KB

Download
memory/2288-40-0x0000023B632E0000-0x0000023B632F0000-memory.dmp

Filesize
64KB

Download
memory/2288-41-0x0000023B632E0000-0x0000023B632F0000-memory.dmp

Filesize
64KB

Download
memory/4464-4-0x0000025F47760000-0x0000025F477E2000-memory.dmp

Filesize
520KB

Download
memory/4464-28-0x0000025F476C0000-0x0000025F476D0000-memory.dmp

Filesize
64KB

Download
memory/4464-33-0x00007FFBFFE10000-0x00007FFC007FC000-memory.dmp

Filesize
9.9MB

Download
memory/4464-13-0x0000025F47AF0000-0x0000025F47B66000-memory.dmp

Filesize
472KB

Download
memory/4464-9-0x0000025F476C0000-0x0000025F476D0000-memory.dmp

Filesize
64KB

Download
memory/4464-10-0x0000025F476C0000-0x0000025F476D0000-memory.dmp

Filesize
64KB

Download
memory/4464-8-0x00007FFBFFE10000-0x00007FFC007FC000-memory.dmp

Filesize
9.9MB

Download
memory/4464-7-0x0000025F479F0000-0x0000025F47AF0000-memory.dmp

Filesize
1024KB

Download
memory/4464-5-0x0000025F47680000-0x0000025F476A2000-memory.dmp

Filesize
136KB

Download
memory/4464-6-0x0000025F47650000-0x0000025F47660000-memory.dmp

Filesize
64KB

Download