Overview

overview

1

Static

static

1

Sos_May 15...cE.rtf

windows11-21h2-x64

1

Analysis

  • max time kernel
    188s
  • max time network
    198s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/05/2024, 18:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Sos_May 15 Ref_aBLxIcE.rtf

  • Size

    282KB

  • MD5

    1a8ebd02ce78002edd0f248b3eae99c8

  • SHA1

    2d4e54f0705a8fd426368e8f4b886349893c05b8

  • SHA256

    f8f80245e50d3919adc4c0692aff8a45ff5c50fc01860eb8ebf08960c73b1457

  • SHA512

    cc6f21160efd2fdd355da7ef8f04d8d7fc073f222e9bb00653062208de6c79dfc3305a451ebbf0ea89bab46afac2ed35affbd17b7a655e48ac818a5f9f1e088d

  • SSDEEP

    3072:1jN6xZ+Wa+9XPdL5OPM5T9wxnyHorY8EoQTG9iHPBU:RgAeXPdlAcaRyHohAAyU

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Sos_May 15 Ref_aBLxIcE.rtf" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1296
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1440
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2064
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2064.0.1979948946\748790963" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1752 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa6f933a-1e94-4352-8b62-a90bb0c8c6ce} 2064 "\\.\pipe\gecko-crash-server-pipe.2064" 1864 2280f612158 gpu
        3⤵
          PID:3860
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2064.1.1955733144\1507037899" -parentBuildID 20230214051806 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69318d09-2813-4be2-b572-c1aef273a417} 2064 "\\.\pipe\gecko-crash-server-pipe.2064" 2388 22802988a58 socket
          3⤵
            PID:3460
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2064.2.11297823\1572432599" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2932 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47433c7b-fdfa-49a2-95a0-bce799522f23} 2064 "\\.\pipe\gecko-crash-server-pipe.2064" 2848 228122fb358 tab
            3⤵
              PID:2088
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2064.3.561082732\1275204393" -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eea93245-107c-4c1a-a32f-43173c83dd54} 2064 "\\.\pipe\gecko-crash-server-pipe.2064" 3916 22815159958 tab
              3⤵
                PID:4780
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2064.4.1593372408\829842236" -childID 3 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d7734d7-6b68-4002-bc81-42fd799ffe36} 2064 "\\.\pipe\gecko-crash-server-pipe.2064" 5148 228159ec858 tab
                3⤵
                  PID:1568
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2064.5.936344420\235487610" -childID 4 -isForBrowser -prefsHandle 5144 -prefMapHandle 5184 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b151582-74a5-4682-a9af-742e3b89f357} 2064 "\\.\pipe\gecko-crash-server-pipe.2064" 5396 22817372e58 tab
                  3⤵
                    PID:4592
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2064.6.74716035\890427682" -childID 5 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f6f8c4b-70b1-4e7f-b05d-8139802706f7} 2064 "\\.\pipe\gecko-crash-server-pipe.2064" 5320 22817372858 tab
                    3⤵
                      PID:2176
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2064.7.1948791196\862494490" -childID 6 -isForBrowser -prefsHandle 1596 -prefMapHandle 6068 -prefsLen 31085 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a04a9d27-e117-4018-b9b0-27f4163fd1f2} 2064 "\\.\pipe\gecko-crash-server-pipe.2064" 4948 2280f611858 tab
                      3⤵
                        PID:1808

                  Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          23KB

                          MD5

                          112680a69305315439742737aa0a5cb7

                          SHA1

                          2b424b75ab7a365b0b273419b8f0365fa1184de6

                          SHA256

                          149e2e3448323d0626dc6a2dd193002a5ddd7c966328f9f7a92a68f250ff9e87

                          SHA512

                          59592c2ee7a979867a30b27eb9dc4f8fed4b06d0688f7360fdc967262ba1d01984f94edce7cede408558f250523c6a46fb48164d957f052175bbc6a406396ed9

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
                          Filesize

                          13KB

                          MD5

                          b502ceb96f9d9a617d459d4127a645e5

                          SHA1

                          c486fded3f2f59dfa4baf73555632107a82f460a

                          SHA256

                          0bb8f1dcd8318d4a074508fc7157540a0be341f4ae9dae62e1dd8ae82d89a95d

                          SHA512

                          a888d2e71ee6070bf36bca140c48e877b54a835f2276b2ce63fbd032eb3c000be2b441744b41b9e7d040955795adfc9c825697c7c833fe198f39ecdfe2838457

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          8.0MB

                          MD5

                          a01c5ecd6108350ae23d2cddf0e77c17

                          SHA1

                          c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                          SHA256

                          345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                          SHA512

                          b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
                          Filesize

                          245KB

                          MD5

                          f883b260a8d67082ea895c14bf56dd56

                          SHA1

                          7954565c1f243d46ad3b1e2f1baf3281451fc14b

                          SHA256

                          ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

                          SHA512

                          d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                          Filesize

                          479B

                          MD5

                          49ddb419d96dceb9069018535fb2e2fc

                          SHA1

                          62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                          SHA256

                          2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                          SHA512

                          48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                          Filesize

                          372B

                          MD5

                          8be33af717bb1b67fbd61c3f4b807e9e

                          SHA1

                          7cf17656d174d951957ff36810e874a134dd49e0

                          SHA256

                          e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                          SHA512

                          6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                          Filesize

                          11.8MB

                          MD5

                          33bf7b0439480effb9fb212efce87b13

                          SHA1

                          cee50f2745edc6dc291887b6075ca64d716f495a

                          SHA256

                          8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                          SHA512

                          d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                          Filesize

                          1KB

                          MD5

                          688bed3676d2104e7f17ae1cd2c59404

                          SHA1

                          952b2cdf783ac72fcb98338723e9afd38d47ad8e

                          SHA256

                          33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                          SHA512

                          7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                          Filesize

                          1KB

                          MD5

                          937326fead5fd401f6cca9118bd9ade9

                          SHA1

                          4526a57d4ae14ed29b37632c72aef3c408189d91

                          SHA256

                          68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                          SHA512

                          b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
                          Filesize

                          10KB

                          MD5

                          0aa09328b55aec44de9f7a3795eaa73d

                          SHA1

                          e36b641f93f80a975132a8d5993a83961dc922ec

                          SHA256

                          141024b97442b20d37fb490b185555cc5630e5f82844da99c42773e22dcfeb61

                          SHA512

                          f2ad990e0b9f5efeb0d2b571cf6037b5d61623259380500b016409a6a4be4a498c7eed522ce1ef4415cdf5c7b2f3a86afde4e9d3425034ded2992cd3259f8d08

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          0d3e0d1821e88eedb769c0e1118da63c

                          SHA1

                          f321918c9e5fcdaffcf01d31d44fc59f2f08f414

                          SHA256

                          7cae0b89dc80317f1ec474dfdfcf63b49e27310386cadda3c6ba15a23ac1b33b

                          SHA512

                          38d23603fad6e8c2d99f3bb1039b4b8067fc154384fbbbbce11eda8070a7fe914e0c6f0ee9235db83cebc6977015d3f829ca5b946777e1a1805209be75f48baa

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
                          Filesize

                          8KB

                          MD5

                          eb1a00774aafd1cbb948b0bb1ade9445

                          SHA1

                          328867b7ad485cf249b04ee59a2deab53a76d651

                          SHA256

                          5f94dfe512a746bb5abd54db6d36b5ba6b61012e85ffd697b6cade31f076001f

                          SHA512

                          b1c84f0a5f987f87926629f3230f18b3fa6617c7915c159c545c2090a9c1e49c4e14127a07d5c9df78c858f66ea190d793f11fd56f24df4f4d3aad6214424b93

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          1f071321a60b3df722b37a40c67d8519

                          SHA1

                          3ed373f285cde02383bc547ecb7e3b64384d5c34

                          SHA256

                          9e40b444b4865820d4c62479a3c3bdeb39656ee27ed43334e8a7556143db2296

                          SHA512

                          dd2e75e30a674a45e7724c66ed4a2174025fd5a20b681063eb73eb12e23298272eac48ffb9de7169be924c359326ca1d1e7f385d085567d1e167056810aed281

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          6b84584b27d733cb06b32258b7a9f52f

                          SHA1

                          6df5a62a7c4d98da581736a5adf346b81b7af3a3

                          SHA256

                          7f0c4d0ffded9542eb1fd6f30a281953ac68c846be2345696fe2631ad7a1f29a

                          SHA512

                          16c8c44b6feaedb03a5608fb5c5a3fd98ecb51df79f0f8a6d1ecfd4743806eb46ddc1083703167604a6c104e9e6fe171f74461b4b4dc8c3f9c497d55d9938993

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          72634ac777271f2afce4edb20bb0ae38

                          SHA1

                          328e169ddbd029b4fc2e70eaa97ec48144e110d9

                          SHA256

                          0e1fc20330c0f0f7995db8678e3f38cda18739d873251d415b86a2cc66b50ac3

                          SHA512

                          42d2e02f513d2f1c9e157125ceee70994c41a396b8fac9d3bc255fdc77453ec4213ff9c8b569c8f52f6b942d2775bf8f8dfb32f4f986733d2f7949c7c00520df

                          Download Submit

                        • memory/1296-11-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-16-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-23-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-22-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-20-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-19-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-17-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-21-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-508-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-18-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-13-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-14-0x00007FFCE1D40000-0x00007FFCE1D50000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/1296-15-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-24-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-12-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-1-0x00007FFCE4350000-0x00007FFCE4360000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/1296-10-0x00007FFCE1D40000-0x00007FFCE1D50000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/1296-8-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-9-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-7-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-6-0x00007FFD242C0000-0x00007FFD244C9000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/1296-5-0x00007FFD24363000-0x00007FFD24364000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/1296-0-0x00007FFCE4350000-0x00007FFCE4360000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/1296-2-0x00007FFCE4350000-0x00007FFCE4360000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/1296-4-0x00007FFCE4350000-0x00007FFCE4360000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/1296-3-0x00007FFCE4350000-0x00007FFCE4360000-memory.dmp

                          Filesize

                          64KB

                          Download