Overview

overview

10

Static

static

3

2024-05-24...ry.exe

windows11-21h2-x64

10

Resubmissions

Analysis

  • max time kernel
    83s
  • max time network
    84s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    24-05-2024 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-24_2c0a37f96ff7d5c08ebfc94d40b18606_wannacry.exe

  • Size

    5.0MB

  • MD5

    2c0a37f96ff7d5c08ebfc94d40b18606

  • SHA1

    8db8602e6400aa0a980c0a046324dad968655cae

  • SHA256

    d5bee2f82f619aca6f3e967112e37f1797a996f268fa3ed6236ba8adba140fe1

  • SHA512

    2786d276253d810bedb7fff04cc7524acff358c7c66d7b173d429d29dee6793adf65f673aa8087cd45df3923e5a0513e8dd199ed0c650f0916217f89690f89ae

  • SSDEEP

    24576:QbLguriI/MSirYbcMNgef0QeQjG/D8kIqBbOSSqTPVXmiHkQg6E:Qn9MSPbcBVQej/BSqTdX1HkQG

Score
10/10
wannacrydiscoveryransomwareworm

Malware Config

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Contacts a large (771) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 11 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious behavior: AddClipboardFormatListener 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 53 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-24_2c0a37f96ff7d5c08ebfc94d40b18606_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-24_2c0a37f96ff7d5c08ebfc94d40b18606_wannacry.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      2⤵
      • Executes dropped EXE
      PID:2520
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 8
        3⤵
        • Program crash
        PID:3492
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4172
    • C:\Users\Admin\AppData\Local\Temp\2024-05-24_2c0a37f96ff7d5c08ebfc94d40b18606_wannacry.exe
      C:\Users\Admin\AppData\Local\Temp\2024-05-24_2c0a37f96ff7d5c08ebfc94d40b18606_wannacry.exe -m security
      1⤵
      • Modifies data under HKEY_USERS
      PID:4624
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\CloseComplete.docx" /o ""
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4396
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2520 -ip 2520
      1⤵
        PID:2676
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\UpdateMerge.doc" /o ""
        1⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2440
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\WriteRevoke.dotx"
        1⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2284
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1400
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\UpdateGet.temp"
          2⤵
          • Checks processor information in registry
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1492
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:4988
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7065AFC45209B5CE6B9A3DD4BC3E85D6 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              4⤵
                PID:2408
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=534B5E52D0D14601320DE03E853F0501 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=534B5E52D0D14601320DE03E853F0501 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
                4⤵
                  PID:2028
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C4A8EF30143DC5305E3058416A267194 --mojo-platform-channel-handle=2364 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  4⤵
                    PID:2976
                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=357CB9852A3756F9E678E09D7160F181 --mojo-platform-channel-handle=2456 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                    4⤵
                      PID:4256
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AEEB014B787D70BE0E80531C300789B8 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                      4⤵
                        PID:1412
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:808

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json
                    Filesize

                    21B

                    MD5

                    f1b59332b953b3c99b3c95a44249c0d2

                    SHA1

                    1b16a2ca32bf8481e18ff8b7365229b598908991

                    SHA256

                    138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

                    SHA512

                    3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json
                    Filesize

                    417B

                    MD5

                    c56ff60fbd601e84edd5a0ff1010d584

                    SHA1

                    342abb130dabeacde1d8ced806d67a3aef00a749

                    SHA256

                    200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

                    SHA512

                    acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json
                    Filesize

                    87B

                    MD5

                    e4e83f8123e9740b8aa3c3dfa77c1c04

                    SHA1

                    5281eae96efde7b0e16a1d977f005f0d3bd7aad0

                    SHA256

                    6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

                    SHA512

                    bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json
                    Filesize

                    14B

                    MD5

                    6ca4960355e4951c72aa5f6364e459d5

                    SHA1

                    2fd90b4ec32804dff7a41b6e63c8b0a40b592113

                    SHA256

                    88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

                    SHA512

                    8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog
                    Filesize

                    21KB

                    MD5

                    549612f0fa584772b26dedc8ff053bdb

                    SHA1

                    cf7d6f497095653c84656194701656afc2ddbcf3

                    SHA256

                    ae756a4ae6b321c5d8d12894d6e52552b6ea11b6e65d154945ceeef5bd9765aa

                    SHA512

                    880359eb7b6723171cfc94c4cd873d60727bbb3c421d3a827f1db90b6159d8673c5481ff51c24e02a260c486ad8b340dd8769c1dffb335f7eb82da9000135e1f

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db
                    Filesize

                    80KB

                    MD5

                    f3124e6225b2141dc1a2ae366935be34

                    SHA1

                    002c211bcab5a26fee4944b0287f8c170e683e86

                    SHA256

                    ce31fea235073bea16257109ae4cf161362f8d9bd5b7b55bfcf97452aa18a495

                    SHA512

                    483408d9872b52d2d1cd2d78b08b03c4ccd4274505dc574cdc31896e3798602d9b2c4cfe786fc9224f89dc60b2640f455fd1cc1591016ad9dfc494c7877fa922

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal
                    Filesize

                    8KB

                    MD5

                    5938708667a8c5dcf415bd2b5f3d8c03

                    SHA1

                    392418ae214ccb7a0978090e454663dd1c8a9945

                    SHA256

                    f66b6f537a73d09b544c1228a29da4490e142449dc1c801741cd8b3235870838

                    SHA512

                    359053c719b88a14c9fa6e442a0c4403bb7e8754904926e723bb4a51fb76838a66934c9e64d7013bca4ce251fd02b8e00ea58fb2847df91bf56eb58e4f0343d6

                    Download Submit
                  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                    Filesize

                    255B

                    MD5

                    83a72896b20b097b70480f5bde2ca417

                    SHA1

                    10e9c5de708aef7b8c3058353ca08893739d2858

                    SHA256

                    dca2133ae188c1742c2e63966ad271290962c9f73e1ee04dade4b00ebfdf2af4

                    SHA512

                    2997a7d7d3a14484b8a362601660d83aeede6e10973ebfbfa3c5479a56e9dd2f6f07816db894dec21e5ec8fe3464c41e94afbfeb37c65d548ccc023ff746c0d5

                    Download Submit
                  • C:\Windows\tasksche.exe
                    Filesize

                    2.0MB

                    MD5

                    0df2e405e05197a71c3f26322f7d4585

                    SHA1

                    ffe20a98db98e041f8ba875e16c492105aca223f

                    SHA256

                    bffabfbdd1fdca2c88b929a026d26804bf94445ee1a51467e16386e824ca9746

                    SHA512

                    dc351dc2805409ee2fa55dcc2ffcd1978c08607679d8aeb1c2161b64bee053fe5b3bc96c95232abf585b3dfde1189410bd9471fdfa44f286c9afc173c9223bf1

                    Download Submit
                  • memory/4396-21-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-17-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-14-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-12-0x00007FF843CC0000-0x00007FF843CD0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-11-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-9-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-15-0x00007FF843CC0000-0x00007FF843CD0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-16-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-18-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-1-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-20-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-23-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-19-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-24-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-25-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-13-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-10-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-48-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-47-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-46-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-49-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-50-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-7-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-8-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-0-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-3-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-6-0x00007FF886040000-0x00007FF886249000-memory.dmp
                    Filesize

                    2.0MB

                    Download
                  • memory/4396-4-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/4396-5-0x00007FF8860E3000-0x00007FF8860E4000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/4396-2-0x00007FF8460D0000-0x00007FF8460E0000-memory.dmp
                    Filesize

                    64KB

                    Download