Overview

overview

10

Static

static

3

PSC zip.zip

windows10-2004-x64

1

password.jpg

windows10-2004-x64

3

safe-archive.zip

windows10-2004-x64

1

hash.bin

windows10-2004-x64

3

setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    792.0MB

  • MD5

    d99235956d2438017dce77cbf6cb1176

  • SHA1

    4121d8636b556b9da48081b2d818f3dcde3ac9a4

  • SHA256

    74134cd0030b7681d9f753f8ecf68bf14937ba0261522bf05e5bef564cd8b8b0

  • SHA512

    f090c7d82daf9f3ae9582e1d40f22272cb7e8911eae20c312704c7b814005816c8a78960b0ec21d376443db3c49c9d012052aa1f5692167b514fcf3211841351

  • SSDEEP

    98304:rOuBF3zj5prjsd8VNCofaoUhXo8uG9pmSgQ7gCbHRd3bcEo:qunj5prvX8uGxgQZLcEo

Score
10/10
privateloaderevasionloaderpersistenceprivilege_escalation

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 1 IoCs
    evasion
  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Modifies system executable filetype association 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Modifies firewall policy service
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3616
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:940
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:4468
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:4948
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
          1⤵
            PID:880
          • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
            "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
            1⤵
            • Modifies system executable filetype association
            • Checks processor information in registry
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:3656
          • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
            "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
            1⤵
            • Modifies system executable filetype association
            • Checks processor information in registry
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious behavior: AddClipboardFormatListener
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            PID:4020
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
            1⤵
            • Enumerates system info in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:4732
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9a65346f8,0x7ff9a6534708,0x7ff9a6534718
              2⤵
                PID:1000
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
                2⤵
                  PID:3584
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4716
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
                  2⤵
                    PID:4008
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
                    2⤵
                      PID:1544
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                      2⤵
                        PID:3616
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
                        2⤵
                          PID:2868
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
                          2⤵
                            PID:1404
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
                            2⤵
                              PID:864
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3968
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                              2⤵
                                PID:3164
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                                2⤵
                                  PID:436
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
                                  2⤵
                                    PID:1388
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
                                    2⤵
                                      PID:1688
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
                                      2⤵
                                        PID:4576
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
                                        2⤵
                                          PID:3276
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17888589405486547096,17358892160571612318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
                                          2⤵
                                            PID:4688
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:3784
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:1736

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              4158365912175436289496136e7912c2

                                              SHA1

                                              813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

                                              SHA256

                                              354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

                                              SHA512

                                              74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              ce4c898f8fc7601e2fbc252fdadb5115

                                              SHA1

                                              01bf06badc5da353e539c7c07527d30dccc55a91

                                              SHA256

                                              bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

                                              SHA512

                                              80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              e22b6e79fe19ea8da264dccb9275d29f

                                              SHA1

                                              59320e604b7ebbfe360ab31d9d056eae69efb881

                                              SHA256

                                              70754d435bfffde36bd97aadc3987f938d22fdb851125998f29120af386ac1cd

                                              SHA512

                                              5a74bc93dc7c38e86b16ec58a9f930040957b4d2e434143d7571ac663ad954c8e555177942dac556b08b144aa788dd4dd2765e3169c6b882f30407aaca592ed4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              35ecec8ba59885c5f5a7a81e9cc234f5

                                              SHA1

                                              eea7865a6b365588e26374070ccb1517cabe26b2

                                              SHA256

                                              e5ad376dd7cdfbc93933540740df89710b3241135ac14ac9e01b2c1b462f0c2d

                                              SHA512

                                              68e4295e6552d4c080fdaff10b26e6162f4d719ae65baa14e88c7224fac7910930417a5aa18edf7f18cc15a09c2ba25559f6c847df1b2f1b0ac598e359c7ee34

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              67f2d2c447bd96098537ce84c855b70e

                                              SHA1

                                              a87d689f6b4a0a7b1cf8d351647bfdde5e804a33

                                              SHA256

                                              47138a024d48520fed8be4f5c8a26b20fee78565235d86b8c88afd0167a223a4

                                              SHA512

                                              08a57d59b4a6f226b106f14f908892ff663ecf10c27274c5410eab7c792a9b30d571e067b346bd0a2f0b2bbb2adaef962f193c9b95fc778f5b8ab0d31de9c96d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              6752a1d65b201c13b62ea44016eb221f

                                              SHA1

                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                              SHA256

                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                              SHA512

                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              8KB

                                              MD5

                                              19c992c9e0e00fbf8a8e63ac63cf29ef

                                              SHA1

                                              9e5962397de181cc695d3327d643e31cec8797d0

                                              SHA256

                                              67e066cdb5ed266d0a4a29f13efb121a4e54e349074624948f20d792db2e9533

                                              SHA512

                                              ad8e0efd2bb3d3b255b8511c11eb5bc7e1ccb539836bc9b91a9eea0b67f1e75a7e99929bb09bc56049f582f77222c99922e38d69fe703470b91d4562a62babd3

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              8KB

                                              MD5

                                              f14de4a28b2b90e02b72851d79c0ddc6

                                              SHA1

                                              b95c24b5c6948332bcc0c4d3e96537f30160e646

                                              SHA256

                                              4d6e57b74f57db993ebe178e0c1281895a7122a559bdada0e2753b3a2f557cae

                                              SHA512

                                              35d0fde71199443078ac6940005d85f6ec3db5d2433f6e1bb3fa502e2d9091913aef16a73106189688da397c85ac483c77b6dfa571fdc8e0b89aeda82e4a9aba

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                              Filesize

                                              264KB

                                              MD5

                                              f50f89a0a91564d0b8a211f8921aa7de

                                              SHA1

                                              112403a17dd69d5b9018b8cede023cb3b54eab7d

                                              SHA256

                                              b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                              SHA512

                                              bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2024-7-1.140.3656.1.aodl
                                              Filesize

                                              256B

                                              MD5

                                              754e2832b69085da2e05578b46f7398f

                                              SHA1

                                              4f317385e8178385bf6c488e5c1cbc1a09c6903e

                                              SHA256

                                              c27ff9ccdae9b57f8539617e879a7b2293e4c07a770ec2048c84de1cd2e29c2e

                                              SHA512

                                              6f9058ba42991805f3c1ef8f03b5b242d9014acd4b647d54483ceddd249aabe010726ac818661b6fa8360a2a1705fc25adf9dad8e071971739981209dc199649

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\telemetryCache.otc.session
                                              Filesize

                                              20KB

                                              MD5

                                              57edba1fbadebd224fc487107a6816f6

                                              SHA1

                                              2480188e6fc478b197a11a2bb750a2520c96c2ab

                                              SHA256

                                              1e5f4f4596337f1749b0609d222b133af7286295d92f858690560b85c2f6df4c

                                              SHA512

                                              9421620474f5ca18c1fadd4ab01005399cf81d076839e30e06aedfb3cc4e36f02da3e7c51ace84a728e2f413a697bf4c45ac9da426b39a70cc7a21628ac9e907

                                              Download Submit

                                            • C:\Windows\System32\GroupPolicy\gpt.ini
                                              Filesize

                                              127B

                                              MD5

                                              8ef9853d1881c5fe4d681bfb31282a01

                                              SHA1

                                              a05609065520e4b4e553784c566430ad9736f19f

                                              SHA256

                                              9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

                                              SHA512

                                              5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

                                              Download Submit

                                            • memory/3616-5-0x00007FF9C3F50000-0x00007FF9C3F52000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/3616-21-0x00007FF668830000-0x00007FF668F9E000-memory.dmp

                                              Filesize

                                              7.4MB

                                              Download

                                            • memory/3616-20-0x00007FF668830000-0x00007FF668F9E000-memory.dmp

                                              Filesize

                                              7.4MB

                                              Download

                                            • memory/3616-19-0x00007FF668995000-0x00007FF668C37000-memory.dmp

                                              Filesize

                                              2.6MB

                                              Download

                                            • memory/3616-0-0x00007FF668995000-0x00007FF668C37000-memory.dmp

                                              Filesize

                                              2.6MB

                                              Download

                                            • memory/3616-2-0x00007FF9C6220000-0x00007FF9C6222000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/3616-4-0x00007FF9C42C0000-0x00007FF9C42C2000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/3616-3-0x00007FF9C42B0000-0x00007FF9C42B2000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/3616-1-0x00007FF9C6210000-0x00007FF9C6212000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/3616-8-0x00007FF668830000-0x00007FF668F9E000-memory.dmp

                                              Filesize

                                              7.4MB

                                              Download

                                            • memory/3616-10-0x00007FF668830000-0x00007FF668F9E000-memory.dmp

                                              Filesize

                                              7.4MB

                                              Download

                                            • memory/3616-6-0x00007FF9C3F60000-0x00007FF9C3F62000-memory.dmp

                                              Filesize

                                              8KB

                                              Download