Overview

overview

4

Static

static

1

CDU_Express_vC3.exe

windows11-21h2-x64

4

Analysis

  • max time kernel
    291s
  • max time network
    281s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    30-05-2024 15:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CDU_Express_vC3.exe

  • Size

    4.4MB

  • MD5

    af208a5acc6258d3c80fe556752c6a83

  • SHA1

    0ae4b7f8999e2b8a1161fdeeb70041d3de22acb1

  • SHA256

    41e81d2b5ced1fc8e3c8f68047b0b276c2291717e3bcd467cb9ee7934e9cdbb7

  • SHA512

    1544f822d1500cbf419ab7426cdb85d9af0e579e45a00d89d4d2aebb9f0df983e93d58c9a356a3c6d10ef8308fd834aabcac93b7c92cb2b7cf0bd06f5c3fa1b0

  • SSDEEP

    98304:zetxkn7D9ZYJMVnSfGYdWtyN07vfI27zhgtGi7wnpAyhSAlw:zixWv9ZrSOYdWtyO7HZlYeh3lw

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CDU_Express_vC3.exe
    "C:\Users\Admin\AppData\Local\Temp\CDU_Express_vC3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Users\Admin\AppData\Local\Temp\is-3PCIR.tmp\CDU_Express_vC3.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-3PCIR.tmp\CDU_Express_vC3.tmp" /SL5="$50216,4222831,121344,C:\Users\Admin\AppData\Local\Temp\CDU_Express_vC3.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Valeport Software\CDU Express\Program\CDUXpress.exe
        "C:\Valeport Software\CDU Express\Program\CDUXpress.exe"
        3⤵
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2940
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Valeport Software\CDU Express\Manuals\SoundBarII.pdf"
          4⤵
          • Checks processor information in registry
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2484
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1472
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BFB1BB8867E1F553FFB36E5750EFB189 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              6⤵
                PID:4228
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5A26C5403F476FEFADFE269A1FAB0C7B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5A26C5403F476FEFADFE269A1FAB0C7B --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
                6⤵
                  PID:2936
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=52F566FB6A6A4299CEEB22747DD53891 --mojo-platform-channel-handle=1820 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  6⤵
                    PID:2264
                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8E9F818811122E4606FE4578FC47448C --mojo-platform-channel-handle=2360 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                    6⤵
                      PID:2160
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5779FB5C207493F26011847E38626F52 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5779FB5C207493F26011847E38626F52 --renderer-client-id=6 --mojo-platform-channel-handle=2352 --allow-no-sandbox-job /prefetch:1
                      6⤵
                        PID:1660
                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C5CDF174E754969EDBBC6C9AF0BAB28 --mojo-platform-channel-handle=2680 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                        6⤵
                          PID:2752
              • C:\Windows\SysWOW64\DllHost.exe
                C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                1⤵
                  PID:1792
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:2004

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                    Filesize

                    36KB

                    MD5

                    b30d3becc8731792523d599d949e63f5

                    SHA1

                    19350257e42d7aee17fb3bf139a9d3adb330fad4

                    SHA256

                    b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                    SHA512

                    523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                    Download Submit

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                    Filesize

                    56KB

                    MD5

                    752a1f26b18748311b691c7d8fc20633

                    SHA1

                    c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                    SHA256

                    111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                    SHA512

                    a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                    Download Submit

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                    Filesize

                    64KB

                    MD5

                    495859322598749e7f857591c5f6f816

                    SHA1

                    a5a11d98b8e28f0459cb2ff12cbdcad7252365e7

                    SHA256

                    3dab7c888e5e93d9c1e1a3dce629c29f76ebebce3e410c2b5389a59fe1244cf5

                    SHA512

                    201b65a85278e14350e74d79c96c820bb5c9620bb14e29340218317e0b85d89ef92e5ec3171050a5b962d845aa5b2f56cce6a3ff7e2617865e22d7fd4363964a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\is-3PCIR.tmp\CDU_Express_vC3.tmp
                    Filesize

                    1.1MB

                    MD5

                    e932b37c3ee4c40a45da0c7372e2a7b2

                    SHA1

                    d3e05cd3a43eb449d2407cc8ad05d2cd9a848455

                    SHA256

                    00a6a936e8a3b5452e45e9e80241bdfef558981c3dd8cb3a21e49131cc0f1a43

                    SHA512

                    0eee19a8133ed7cbc34c1c4736ed972dd79a9c2e18d6105620d44c730676732baf7eb14801724b56a56094df48cd8da9b42e8ef90093895e7aad8208629f534a

                    Download Submit

                  • C:\Valeport Software\CDU Express\Data\0106\is-5KIBH.tmp
                    Filesize

                    7KB

                    MD5

                    e294cc438013b9e9b5c6867204f43308

                    SHA1

                    df6a6e1fb87bef319d11054a4a6766a7edb41e04

                    SHA256

                    7fc7d6ae3ab45e5e51551cfe7d6c6f6a60665a20577e07f93cb577093fbb57ce

                    SHA512

                    6f45c0f072409ae39a9e87bccd95858583eba31d3c851e09db7fcaa879f8f49f0f2005c38fddbe7025baf083221406fd11ac31adad40a2655f38dfbd615ea2b5

                    Download Submit

                  • C:\Valeport Software\CDU Express\Manuals\SoundBarII.pdf
                    Filesize

                    192KB

                    MD5

                    0388f3bc7057ede21ffe1aeab6bdb592

                    SHA1

                    782929d45b90c7c7de9aa3f54594b338d868499d

                    SHA256

                    946fb1c56f9f3f1fc39ddde4ff119bb35e3e3ad72e26bee911eb80fa758e014f

                    SHA512

                    34c628c930ba22436e991744827ed9057e3d94700bb9c2935462766ab906633b4d974fe13d7c30eacd7bfda178d5b498c7123ffea503c7f83f34559d328086a5

                    Download Submit

                  • C:\Valeport Software\CDU Express\Program\CDUXpress.exe
                    Filesize

                    8.8MB

                    MD5

                    37ae32d50d05077336c418a7abcfd471

                    SHA1

                    05101a501b740a518004bc63d648f4b99e61e51d

                    SHA256

                    ad65aad9f31a31196ae9b2ddf8a094f5de029aad28fc6d8997843e624ea297ec

                    SHA512

                    4c1df840d36d2a7848943c334577a4e89987b1ab7ec384e20471870a949b23efe92b59193b2eb86c24f523a898abdcaf1b49ed5ee158c3dadf37afe4b91c1be8

                    Download Submit

                  • C:\Valeport Software\CDU Express\Setup\CDUXPRESS.INI
                    Filesize

                    1KB

                    MD5

                    f9ecd6e58ef184d350bb6120707950a4

                    SHA1

                    ff6c438a2df89b25809f90bd067f6bfeacef3851

                    SHA256

                    63abde1fb44bafd6564e61d78f2ea2368bbf9d635e2c8ff30643267561891562

                    SHA512

                    04646b850afeea23e5f1f634a83ca2113094dc41c9e95119a07da1a40ca3051b3a48cdcceb3fa2b055e3a48b6ba4606c7b0bed12f9ce1f78e80193ff304df8fe

                    Download Submit

                  • C:\Valeport Software\CDU Express\Setup\colsizes.ini
                    Filesize

                    53B

                    MD5

                    8132b90fe07e9a4a625c80d28125cb76

                    SHA1

                    43e03a617d6d70aa0dc6610a770eba65e12da3a3

                    SHA256

                    411ca50f0c1573608b5ae89d471b28e4d30990a55841a412bc6d5f6cbf817f7e

                    SHA512

                    45bfad0839e535e7d1f815ed9514d8867931c7e7b8330724382b8b603678395f1c9e986eef74f6582fed68c37e72eeb501e41b032a677d9ec69fc0f7e3fa6594

                    Download Submit

                  • C:\Valeport Software\CDU Express\Setup\colsizes.ini
                    Filesize

                    53B

                    MD5

                    cbf0d604a0f5e54a83400e5c89e3e3f0

                    SHA1

                    d0c2989800676a10b56038dd8577a605dbac8425

                    SHA256

                    9321174dd59e3fa15a7be75cae403577c5e50d4325d665add3aa5f01f370ffd1

                    SHA512

                    3ad2b79ba744af009f4efb81532b5e408a56b04ff6cf99e5e31ef056b39b71c7aa468ad16392d3cfe347293c3fe5ed209fdb8a9d17a324717a27b3051684a3ff

                    Download Submit

                  • memory/1076-13-0x0000000000400000-0x000000000052B000-memory.dmp

                    Filesize

                    1.2MB

                    Download

                  • memory/1076-94-0x0000000000400000-0x000000000052B000-memory.dmp

                    Filesize

                    1.2MB

                    Download

                  • memory/1076-11-0x0000000000400000-0x000000000052B000-memory.dmp

                    Filesize

                    1.2MB

                    Download

                  • memory/1076-100-0x0000000000400000-0x000000000052B000-memory.dmp

                    Filesize

                    1.2MB

                    Download

                  • memory/2940-111-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-126-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-105-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-103-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-295-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-114-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-102-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-119-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-122-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-123-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-125-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-104-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-127-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-134-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-291-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-157-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-95-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/2940-181-0x0000000000400000-0x0000000000CE2000-memory.dmp

                    Filesize

                    8.9MB

                    Download

                  • memory/3844-12-0x0000000000400000-0x0000000000428000-memory.dmp

                    Filesize

                    160KB

                    Download

                  • memory/3844-2-0x0000000000401000-0x0000000000412000-memory.dmp

                    Filesize

                    68KB

                    Download

                  • memory/3844-101-0x0000000000400000-0x0000000000428000-memory.dmp

                    Filesize

                    160KB

                    Download

                  • memory/3844-0-0x0000000000400000-0x0000000000428000-memory.dmp

                    Filesize

                    160KB

                    Download