Overview

overview

6

Static

static

3

Synapse X.exe

windows10-1703-x64

6

Analysis

  • max time kernel
    272s
  • max time network
    260s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-05-2024 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Synapse X.exe

  • Size

    374KB

  • MD5

    b69c13e0099df6821ba000cb9d39819b

  • SHA1

    6a36cf9a4a9ff90f8ddf21f62db94ef2691b85ee

  • SHA256

    cbff32a11e742c778f5d2d94da6699af7302ec751111b06c37f665768eaf2d02

  • SHA512

    0c7b4d42f46a04574d8adf6d6149e0a81bc4cbafcb2e46557b0bd083f82fdd8dbf7cc166ee0da1cdf5048605f0e83f50a1e064a5c581a97b1aefc4533d9954bb

  • SSDEEP

    6144:H83Kwo3BjOALaQIigh4f86OZUjUKnmuv9uVYwEHCnGuBt+1:Hxz7r86h0uv8V5nxj+1

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Synapse X.exe
    "C:\Users\Admin\AppData\Local\Temp\Synapse X.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2244
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 5432
      2⤵
      • Program crash
      PID:2992
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1952
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4632
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.0.784377650\600742748" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {979a6d1e-2e7c-4fcb-a1de-dc3bbe96cc70} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 1780 1ebe21f1058 gpu
          3⤵
            PID:4416
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.1.1983994474\1140361698" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c0bfe33-4c6a-4007-a94e-f98ecfc32566} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 2136 1ebd7172b58 socket
            3⤵
            • Checks processor information in registry
            PID:4152
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.2.1904177956\713143208" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2884 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d68578bd-eec8-496b-bb18-8183670c3037} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 2860 1ebe63bf758 tab
            3⤵
              PID:2432
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.3.1583029932\646390874" -childID 2 -isForBrowser -prefsHandle 1020 -prefMapHandle 960 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de0d4475-f274-47b7-87fe-0980d44f92f0} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 3500 1ebe7410558 tab
              3⤵
                PID:4984
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.4.964639628\2138451568" -childID 3 -isForBrowser -prefsHandle 4336 -prefMapHandle 4332 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7bdd42d-b0e5-49e0-b00f-89a5f6bcb320} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 4348 1ebe84cae58 tab
                3⤵
                  PID:4784
            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
              1⤵
              • Drops file in Windows directory
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              PID:1864
            • C:\Windows\system32\browser_broker.exe
              C:\Windows\system32\browser_broker.exe -Embedding
              1⤵
              • Modifies Internet Explorer settings
              PID:1508
            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
              1⤵
              • Modifies registry class
              • Suspicious behavior: MapViewOfSection
              • Suspicious use of SetWindowsHookEx
              PID:3080
            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
              1⤵
              • Drops file in Windows directory
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              PID:1848
            • C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
              1⤵
              • Drops file in Windows directory
              • Enumerates system info in registry
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:2568
            • \??\c:\windows\system32\svchost.exe
              c:\windows\system32\svchost.exe -k localservice -s fdPHost
              1⤵
                PID:3016

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
                Filesize

                2KB

                MD5

                1ea438cea39208f5c8ea26b59054a25a

                SHA1

                fd1b6ece7b772ca65bc60881d16d397af47b399f

                SHA256

                b10b8b9b6019f1cd821ab269dd2b76a453d94acf68cb9990bd04c93d57292d6c

                SHA512

                069bc26193e9863432a663ccdb7f7df40711ed3590fc5a19ab92176f6eedeef56c3539b8f745970c20ddc19cdb5f7c6be4c8f99fd6941375f41b0ecf387f774f

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\78810540-4a29-49cb-899e-3385f1ea6caf
                Filesize

                10KB

                MD5

                d8d9fe1aa73ed7cfb8a8fc72b3816b37

                SHA1

                ae76f7f72b4e03a1fd5fca7b18dc11f53a3e10dc

                SHA256

                94964e255013ec9925178cf44c9af76dc7369f0c97c522b9fe07676b69043db9

                SHA512

                785f9a57499bb9ad47d4677f4ab7b6c6a437eddf96171cae663c06548a9628fa19fa488482c82f852a9e92c67af84ba65c1d40be78810ed0f7e56e997231fff1

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\8d728fec-eefe-4669-a7e7-658faf8af85a
                Filesize

                746B

                MD5

                21a6a910514560b000d4a6c78ec98611

                SHA1

                fa0c44cd4160e8ffb4e08fd325991f1b71f2b9c5

                SHA256

                3072f06295f1eda87cc840cb2403813fabdf1c20a16cdc90e79bc8cff08236c7

                SHA512

                f6d1363c0a32b5d8ea888693365b178f243f7cbc349a9e394a19e8506b2c9b6c248fae58c597a5cb55168cac3fb7da67aac2331af29437415510830656943c2c

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
                Filesize

                6KB

                MD5

                738fa27f5d2ddcfd31ff0c6af408d519

                SHA1

                fb10c2d14a753d8c0b9773b392e681ac103dae77

                SHA256

                fb139db6eefd8e55650e99d599e6e902c3eadd595989fd42b5d96700dd29af97

                SHA512

                10cbaa1178e5e1d045558eca3b7d8ec0d26628fb64e9fd64029a0da580073485c0fdc30c2b19bfe29962351d499742fc42033f1e43e4d4e0cfde2620e2b15ea0

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4
                Filesize

                882B

                MD5

                6ab1bcef055c9561af84a167e61ee57f

                SHA1

                1803c4b998f61093338cc3f7b1ab5374275f419b

                SHA256

                fdaec0db0062e4d92f7b1fefd4afdc0ceb13ff66b3dfbf03bd9f2bb19aeb351e

                SHA512

                a0d41cb31e3ffc88945adfa9ffad876e5a02b7909c958ab98733c301495565ef02d84f7c0c4ae968b9b510dddf12e99cd49bd360d35c851ea342b252af1ef402

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                Filesize

                184KB

                MD5

                0d0013d9708d9fef539adc917f5b87f6

                SHA1

                5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

                SHA256

                f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

                SHA512

                851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

                Download Submit

              • C:\Users\Public
                MD5

                d41d8cd98f00b204e9800998ecf8427e

                SHA1

                da39a3ee5e6b4b0d3255bfef95601890afd80709

                SHA256

                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                SHA512

                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                Download Submit

              • C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
                Filesize

                379KB

                MD5

                f6a9060d05cf1f0c8c12a0506ff0b0ad

                SHA1

                be705da562a38bced731bebbd75634d0223d1144

                SHA256

                cab9810213ef63fc8c87702c647c7d2d925e48a241560558b80ffc0e818af2fd

                SHA512

                fc6de14e37cfc5ad5b98a6524f8c8ffde0a0b7b08e1262965da5f195d5f9af1b9aec0da374851049c94bf4e47dc94574debfe8d4127e5d07cdea73cb5a4159fe

                Download Submit

              • C:\vcredist2010_x64.log.html
                Filesize

                86KB

                MD5

                f16b4a5f40bcc8974ece2f19ca1bb3da

                SHA1

                340b37365c1f42726f7330fa6b26a67d579f10ac

                SHA256

                d5695c8751cdf00b7bb5dc1ea718dd03902765f462f76ce25dc30004cf4b958e

                SHA512

                0869b37f4d9294d648ff0d1b4ada6e2eda9c7ee1925bdbdbd914d20e8233fe217b9513cff4a42bd4abcfcc6dd1aea73503b3ade1459e3373fee998a401cbe5fd

                Download Submit

              • C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
                Filesize

                395KB

                MD5

                fe01bf0f4915989b05a0ec8202468dd6

                SHA1

                2200b920702b62c77e7b85fe7140e7783f12f61f

                SHA256

                c25c9c5f679c128d00d8f30fd980a8210ebf85a0ed793d4c0b27075afa937e91

                SHA512

                a85d49ee1346408ab0dc7bfd04661dfd10db800106197963e391dd79b9087e5aa2116b3754a79e5516e5c079b3241e768f320b9ed910e6b95aa76f112c9ad740

                Download Submit

              • C:\vcredist2010_x86.log.html
                Filesize

                81KB

                MD5

                a7076d1383936ebb9ee05ff446ce60d4

                SHA1

                fb31945e86b2c4bc3c036429bb13c943c29ec2e7

                SHA256

                1d6b9ee7b395ca7becf744e478c6429b9f20d996ed89c0ff16c6ff0877c0d322

                SHA512

                31a42072e2382b8854c2ebbce63659203ff94ee7aba3df9831f5549bcb7523e65c5ed9e5ed49aec8e2837821e6d5b888f01b0f21d8e5a3223314c44d5102bb0e

                Download Submit

              • C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
                Filesize

                167KB

                MD5

                c4f61c6c6b3a1e3a7c49e60879dfd7db

                SHA1

                c2ad0ff8ba65e0687a44fc3bdfdd8acb7b706aff

                SHA256

                cddb55cbd4e020265289d22de8178ca2c6e255b6de3245a69462860d638574db

                SHA512

                0ffbd3a9606671368c6e299f51427d7aa1aca832c077481991d9cf128f2fd7912a683edbba594e842703d8c1e1d8b713c63957062ab0960623326272da63a451

                Download Submit

              • C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
                Filesize

                194KB

                MD5

                726c7eb21f1ab8c673155b0dd2dbf430

                SHA1

                05cccc3cd6e6dad0c39047f133cb74897ccfced2

                SHA256

                a1537d8eb5380375836c3da7c3c3cb1b258c64bf45d2eed4b60be7b9902ecd7f

                SHA512

                063f9eeb7b0da6ffb92fd85ee52791c241bb87ff9fcc3a8e518c2f2ef9fed2b11a28ce9121fbbc510a6aa7f4f9c0764ae45be40e59da5f90ebfe0c038240ba8c

                Download Submit

              • C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
                Filesize

                170KB

                MD5

                2146832e7586e02d844e9c73363e6f26

                SHA1

                60ad831c9a2c57a5f9983594a5951f0d634bb0ad

                SHA256

                bb1dd0691f230be09d42caafbb0a26682a2b32cd484ee1f5f5b02afbbccf779c

                SHA512

                b6a2de026b0a5fbb011f158d6190bc4ed598a26b79f01ea0e449aff3de05aff369a9c403387572368f1cc768b7e5b02177cff903f2996d0de49a008e27c4969b

                Download Submit

              • C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
                Filesize

                208KB

                MD5

                9c3de548d8241bbe9de108c3abde9e41

                SHA1

                9f5fced8af54b51dfa63fda3cc5890348dcd3e18

                SHA256

                ee6345de48b6828a76d15ce8e8bcfd3e9038dd10ebff9b2d09207abb05b2f876

                SHA512

                df4b42217ffe71e3e486609022c17ee16bd7bc1e26eb7fa3fde95aa1a78920fe0cbfd8751791836d7805b47cb6d675869c77d9e5e7eb5223d4e5e31d428a8740

                Download Submit

              • C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
                Filesize

                169KB

                MD5

                571b18afce29f72f7495a865793ec59f

                SHA1

                12edc0ac72e0924b9971ddc0dbf3bf8c0f7cefe5

                SHA256

                e501d664c46545dcd8b8182fa902ad5b2ad24dbbaea757d73b7bbdeafe899dbc

                SHA512

                28b1365f7181f886c6ba6099ca1c2297189c143c9adc5fe0bee3afa16f0dcc191cf8fc54cfdc4b59a79f1fd908208b30ad9d1d753f0df7ed0924914e3c271dcf

                Download Submit

              • C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
                Filesize

                190KB

                MD5

                852455b795c8fccc3982f5f50697bec2

                SHA1

                6e3bf2d624660e5982158d281c9d0d2503c1eeb5

                SHA256

                103300e9b370b4e6efbbdc86e102f6b1c4cf0674ccd5a47b1acb29d584e6c12b

                SHA512

                c54c9c106d98304c4f7475952776d6e54c1828c9141940276906c4fcab49a0e8b7a56cd240f5e63b6793e6678e0d715f617b4ca5dcdefa59560768fb08a63cdb

                Download Submit

              • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
                Filesize

                169KB

                MD5

                5dab99d548d20c94871e85606c6e8aca

                SHA1

                472f1b09921d5e0596d88a8dceec246a1dc067a3

                SHA256

                a5710d5dd5804d9aa0012f8317bec7803e4ecf2fe7dd111f05d65f1d170f0e64

                SHA512

                160261b7ee07ff35f2d4090b6146fd489975087224e413e7d84aa1fbbd50372b2647b16c849501b0ef5df01a81425d508b0123d38a34aca7398c3ab2772aaeaf

                Download Submit

              • C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
                Filesize

                198KB

                MD5

                761e1a3225ae0904e4f81f0636345af4

                SHA1

                1d89a2cd0bbb681fde97c6c48d948dcf502ae01e

                SHA256

                bcb558b00f09d5c7fc5f236b3c65407a67893bf08e6017841c514ad55967d59c

                SHA512

                2dae9882c47070455cd91073625a73b0080b35a647c618b576c96bc6570089f2000cac9c7d1ec8f3c27dabc7a1afaab255a9e039701481ce2aee3d5b65ec4856

                Download Submit

              • C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
                Filesize

                122KB

                MD5

                b392bd74c25d9d08a28d05eed590bd9d

                SHA1

                2973c73ef9c67e638066f31dd83f8466673ee574

                SHA256

                85ae96304021e570e09d49d9a48b8689c4c5150f01a463a74a6550430c6ec1fe

                SHA512

                fb45bb49cf265a5a7a5b07e026a62701fe5bb4cac394c9bab50c6002661e52306842546c6743fcb14a8e5915223a54671bc4995706a9059634c9d1cc5b29f5c6

                Download Submit

              • C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
                Filesize

                129KB

                MD5

                a1a9c38034418a0f640cb7973462bfba

                SHA1

                3f413a838ab38af76e39bc3a8469932bbb84c0c8

                SHA256

                3881f382428385862ec86b1b6b2b91277c59400de7b438ac4a79b7e2c01f26bc

                SHA512

                06384b3801df01b80cc10736705ba097cf1c8aa09166b6d339b0c793616a560a01dbf5ebe24e6833160e50a295e40e36b63de91ebc8ce018a4b3fdbd98c9c000

                Download Submit

              • C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log
                Filesize

                123KB

                MD5

                77137cfb7777986a8a97bc5e8d98a214

                SHA1

                629e1c7a51965124134f122ccdaa67d3c8e489c7

                SHA256

                93563a7c7c1f732d8f698bc7caf070b404f047664c1e6d2ce45d1ba1afea2c1e

                SHA512

                d0942c455b0f4cd6effb3b4e6fc506ae4b545f452b6c2a3e64343f22a86a23b65059d1505c4827eb26111440e89f404b8dd0d2ba76f5329d4e97084214c55260

                Download Submit

              • C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
                Filesize

                135KB

                MD5

                8d748b916f7edd3dd6b6aef91d3c6f6e

                SHA1

                3ec655c3c929ccbf97054b8ae69d5b5b0aab9500

                SHA256

                07d074df78ddb8a1ce37176dda33320c433c9b5c87b8a7a44ee4ce79fe2aa336

                SHA512

                8f6cf15334d440a1f2c9e891f3e322ec69bd6e3e200cfd14660c6e5b9ca985330e2422edb4c4626be2a1eb4b4029d9cde6b2852b91c659e83b935fca6cdd8990

                Download Submit

              • memory/1848-217-0x000002D59FE00000-0x000002D59FF00000-memory.dmp

                Filesize

                1024KB

                Download

              • memory/1864-208-0x000002721BCF0000-0x000002721BCF2000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1864-234-0x000002721BCE0000-0x000002721BCE1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1864-189-0x000002721EA20000-0x000002721EA30000-memory.dmp

                Filesize

                64KB

                Download

              • memory/1864-173-0x000002721E920000-0x000002721E930000-memory.dmp

                Filesize

                64KB

                Download

              • memory/1864-227-0x0000027222C50000-0x0000027222C52000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1864-230-0x000002721BEB0000-0x000002721BEB1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2244-5-0x00000000732E0000-0x00000000739CE000-memory.dmp

                Filesize

                6.9MB

                Download

              • memory/2244-1-0x00000000003D0000-0x0000000000432000-memory.dmp

                Filesize

                392KB

                Download

              • memory/2244-0-0x00000000732EE000-0x00000000732EF000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2244-7-0x00000000732EE000-0x00000000732EF000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2244-6-0x000000000C540000-0x000000000C578000-memory.dmp

                Filesize

                224KB

                Download

              • memory/2244-4-0x00000000732E0000-0x00000000739CE000-memory.dmp

                Filesize

                6.9MB

                Download

              • memory/2244-3-0x0000000002640000-0x0000000002646000-memory.dmp

                Filesize

                24KB

                Download

              • memory/2244-2-0x0000000004BB0000-0x0000000004C2A000-memory.dmp

                Filesize

                488KB

                Download

              • memory/2244-8-0x00000000732E0000-0x00000000739CE000-memory.dmp

                Filesize

                6.9MB

                Download

              • memory/2568-240-0x00000214E2900000-0x00000214E2A00000-memory.dmp

                Filesize

                1024KB

                Download

              • memory/2568-245-0x00000214E3100000-0x00000214E3120000-memory.dmp

                Filesize

                128KB

                Download

              • memory/2568-269-0x00000214E3280000-0x00000214E32A0000-memory.dmp

                Filesize

                128KB

                Download