ec175ebd158f304483c4b83baeae9087de2441dcacf034e4651ff6f91908c671

Analysis

max time kernel
1790s
max time network
1510s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
26/05/2024, 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

5.0MB
MD5

caac5a53470b5954a50128e9435ef196
SHA1

b1b44b0503e10928ae6ce640bd16103f877eab50
SHA256

ec175ebd158f304483c4b83baeae9087de2441dcacf034e4651ff6f91908c671
SHA512

0eba886c8a77f983b554e9a8c162af80195b6fcfe8ef4af9c9437d4a31b4ca4c59ce451a9bfe86033b60c297f68652d4b8cc86788794b9eb515f417ab55bda9c
SSDEEP

98304:7kL3mhPAI7wCOscLj29ywLe3CV1OorsfKXUlYhvFGAJsAQa+:wW8CcPDwLQCVNrsf6qk7JpQf

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000100000002a9c7-148.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
5072	Setup.tmp

Loads dropped DLL 7 IoCs

pid	Process
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002a9c7-148.dat	upx
behavioral1/memory/5072-152-0x0000000000940000-0x00000000009AF000-memory.dmp	upx
behavioral1/memory/5072-156-0x0000000000940000-0x00000000009AF000-memory.dmp	upx
behavioral1/memory/5072-220-0x0000000000940000-0x00000000009AF000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 32 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Setup.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Setup.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Setup.tmp

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	5072	Setup.tmp

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5072	Setup.tmp
5072	Setup.tmp
5072	Setup.tmp
3000	MiniSearchHost.exe
5072	Setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 5072	988	Setup.exe	78
PID 988 wrote to memory of 5072	988	Setup.exe	78
PID 988 wrote to memory of 5072	988	Setup.exe	78

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Users\Admin\AppData\Local\Temp\is-SOCCC.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SOCCC.tmp\Setup.tmp" /SL5="$40214,3940425,902656,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5072

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
2f23663111658be2ba0b273463ff5e60

SHA1
c2af77369b83a0177bfdb90c11fad4c5f897a983

SHA256
eab4709a1ad32b0b87a53d307893899eb3ee26c6a59a1b34fe83062c79817513

SHA512
e0fdfe555a47709cbf14c4c22498c89c3e8fd61c5b40806b9dd06aee20fbdcd3d9c4f7861d1183df15e9c64ed25828f97c8292bc6b4a700d3d4586433bf45bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71H03.tmp\ARC_Optimal.ini

Filesize
10KB

MD5
ec40d4afe76e343f6699f43c39dd7de1

SHA1
0ac4b653f41d86bab65c93e21cd75237d5e535de

SHA256
b4bcacce0c757095a5d93c1e7f19ee5e4642fd93b60af2652df3effb63f35ebd

SHA512
f21f000cea6545b620ca54a38ff138964110de83ae21cdf26037f8ae432b5b19dc9f8bb7fb8d1c76cde0817700526fba4c5678b80a2110c5c1de9b69fda1c632

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71H03.tmp\CLS_Optimal.ini

Filesize
629B

MD5
2b1d9582b95786dc0c480bdb1bc8d1f1

SHA1
bc97abe4b7a28f6f6bf71fb35cb0741d7bdce674

SHA256
0b41a8e1110d397983ad35b1b0f6c34a05d9a4f43cdd698a0928718516d8987a

SHA512
32beb60944acea28d792b56df26f688a127c89db3591cd3ff360bce8dbcd8e4f386cac5fc976dac4e4a289969a3e344cf0ca5df5938803eb08b8da7073ed35db

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71H03.tmp\ISDone.dll

Filesize
452KB

MD5
4feafa8b5e8cdb349125c8af0ac43974

SHA1
7f17e5e1b088fc73690888b215962fbcd395c9bd

SHA256
bb8a0245dcc5c10a1c7181bad509b65959855009a8105863ef14f2bb5b38ac71

SHA512
d63984ee385b4f1eba8e590d6de4f082fb0121689295ec6e496539209459152465f6db09e6d8f92eec996a89fc40432077cbfa807beb2de7f375154fef6554bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71H03.tmp\Records.ini

Filesize
163B

MD5
d7eb454ff458f367271d285b33ad68da

SHA1
f24d71fb4a4c6ed24dade9337ecc46925ea4592a

SHA256
216d6c99f4858c55260e532ef1bd8c6cc9051322c68c5872a6208a1f652b3bdc

SHA512
8496c22a2420acb365a24d90123702944a8ebc69b288f6dae96753da2a695b84b88b6084eb81e9596f815eb7c4c31d28f0e68c487f6eb71b52f33be704f33ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71H03.tmp\Settings.ini

Filesize
14KB

MD5
8854b82d0bf7c385d3b3c77af6a18a46

SHA1
ffc031bf912e591bc4dcb901847c9cb5ea77e108

SHA256
cdff966659bfdc51e28b55fc13410fcc9bcc11b6ba4573e612b3d6dc4e372512

SHA512
3e1905889f2aed208f28b0a56c22bd2b6018e635a5c3d8840819f61d82167206ace56c301a6bfc85901cad8fd9f59828921e48f9de4fc5a95127a7bdd430511e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71H03.tmp\SplitLib.dll

Filesize
131KB

MD5
f88a327b7750da6f26231a1469d39f8b

SHA1
10ce445cabe9f58ec3ec1c8710ec0e7dd3e12f35

SHA256
f616d3c1663a5114e3c05f4427e16ebaae6ac7cd4a333a7c8c4dafcab5de1ea9

SHA512
58677241f57f18409ff5327b847a4124399fc4adfd991f71aeba9b0beea7dc8fb4924e85487627f660f23ef2fc2aa2affc69963b47548f9e69b88401690177a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71H03.tmp\UnArc.dll

Filesize
333KB

MD5
56a2bcecbd3cddd6f4a35361bf4920d6

SHA1
992e63be423f0e61093ba183f49fc0cbec790488

SHA256
5fcfac18758a12e0e717a5189f379922a32b5ac12f26491e638d70b54ae1dcab

SHA512
473cbdf760242db1f0f1d0c27046c0564998f2bf931ad03feb28af3c7bd253d00e6f0836dadf37f29e0db4171eb64e6a15ed4cb9a9d28b48fb0aab601573f551

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71H03.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SOCCC.tmp\Setup.tmp

Filesize
3.1MB

MD5
39338b58cb777ed571a7ee2b4acae4e2

SHA1
85b059ea3ed9d86946f806fb256437697e9f4889

SHA256
fe2cfd99de1affbb1e18339f0eea055d925781cfa4c94507e802110f52e22f7d

SHA512
b3802d39877595f24a6907765655a5cc197c9de1e922e1ef7f006de83749ac242e7ffd6c27ab26a6e2e8efb3d49192dc3cf409d33d668f75c5b35f6d73941023

Download Submit
memory/988-110-0x0000000000400000-0x00000000004EA000-memory.dmp

Filesize
936KB

Download
memory/988-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/988-0-0x0000000000400000-0x00000000004EA000-memory.dmp

Filesize
936KB

Download
memory/5072-36-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-28-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-73-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-71-0x0000000005650000-0x0000000005651000-memory.dmp

Filesize
4KB

Download
memory/5072-69-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-68-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/5072-67-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-64-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-63-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-62-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/5072-61-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-60-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-59-0x0000000005610000-0x0000000005611000-memory.dmp

Filesize
4KB

Download
memory/5072-58-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-57-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-56-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/5072-55-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-54-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-53-0x00000000055F0000-0x00000000055F1000-memory.dmp

Filesize
4KB

Download
memory/5072-52-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-51-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-50-0x00000000055E0000-0x00000000055E1000-memory.dmp

Filesize
4KB

Download
memory/5072-49-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-44-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/5072-43-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-42-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-41-0x0000000002F80000-0x0000000002F81000-memory.dmp

Filesize
4KB

Download
memory/5072-38-0x0000000002F70000-0x0000000002F71000-memory.dmp

Filesize
4KB

Download
memory/5072-37-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-75-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-35-0x0000000002F60000-0x0000000002F61000-memory.dmp

Filesize
4KB

Download
memory/5072-34-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-30-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-29-0x0000000002F40000-0x0000000002F41000-memory.dmp

Filesize
4KB

Download
memory/5072-27-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-74-0x0000000005660000-0x0000000005661000-memory.dmp

Filesize
4KB

Download
memory/5072-72-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-66-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-65-0x0000000005630000-0x0000000005631000-memory.dmp

Filesize
4KB

Download
memory/5072-23-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/5072-22-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-21-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-79-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/5072-80-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/5072-47-0x00000000055D0000-0x00000000055D1000-memory.dmp

Filesize
4KB

Download
memory/5072-20-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/5072-45-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-81-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/5072-46-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-19-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-18-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-40-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-39-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-82-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/5072-32-0x0000000002F50000-0x0000000002F51000-memory.dmp

Filesize
4KB

Download
memory/5072-83-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/5072-33-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-31-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-25-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-26-0x0000000002F30000-0x0000000002F31000-memory.dmp

Filesize
4KB

Download
memory/5072-17-0x0000000002F00000-0x0000000002F01000-memory.dmp

Filesize
4KB

Download
memory/5072-109-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/5072-76-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-48-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-113-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/5072-152-0x0000000000940000-0x00000000009AF000-memory.dmp

Filesize
444KB

Download
memory/5072-156-0x0000000000940000-0x00000000009AF000-memory.dmp

Filesize
444KB

Download
memory/5072-70-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-24-0x0000000002DA0000-0x0000000002EE0000-memory.dmp

Filesize
1.2MB

Download
memory/5072-15-0x00000000051B0000-0x00000000054CA000-memory.dmp

Filesize
3.1MB

Download
memory/5072-6-0x0000000000400000-0x0000000000725000-memory.dmp

Filesize
3.1MB

Download
memory/5072-220-0x0000000000940000-0x00000000009AF000-memory.dmp

Filesize
444KB

Download