a1320d2c940c408a3eb8a285943489deb119c0a64e55b86f06b176505c4c7236

Analysis

max time kernel
225s
max time network
224s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rhett.docx
Size

50KB
MD5

a3e6a12a783b3330e1dbabca19040ad2
SHA1

247e46db65f1145d3a97e094fe6ae8c959c08c2d
SHA256

7afbcbbfc41fda93e509f84f0f794c5ebaf78d045835eacf3f163d298af97cc1
SHA512

6736580f0a43b98935e432474b165c4f95263afc8aae0722b5721461b58dbc9effbfd32975e897531fb51f7ee0be8b104919c7640106df97c83cb768bb540300
SSDEEP

1536:MDGWm7rZHIwr/CGD5uLmdUHeKOHYzVHj1fJF:MDtm7rZHJCTmS+z4zRRj

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133650141416824427"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4980	WINWORD.EXE
4980	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4980	WINWORD.EXE
4980	WINWORD.EXE
4980	WINWORD.EXE
4980	WINWORD.EXE
4980	WINWORD.EXE
4980	WINWORD.EXE
4980	WINWORD.EXE
4980	WINWORD.EXE
4980	WINWORD.EXE
4980	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 4536	5016	chrome.exe	93
PID 5016 wrote to memory of 4536	5016	chrome.exe	93
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 648	5016	chrome.exe	94
PID 5016 wrote to memory of 3628	5016	chrome.exe	95
PID 5016 wrote to memory of 3628	5016	chrome.exe	95
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96
PID 5016 wrote to memory of 3652	5016	chrome.exe	96

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Rhett.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb833aab58,0x7ffb833aab68,0x7ffb833aab78
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:2
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=2076,i,9159756110806410717,13920993919445180797,131072 /prefetch:8
  2⤵
  PID:2720

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e93bfe0875d7d26578b9c046e86e8edd

SHA1
9ad7fbdc104e0f99af28292526927a2efb3953bc

SHA256
4d5009c653b1dcf3b2b0502ca462d68164e528d5d333d00fd8d7739514a7b58c

SHA512
c47f07d2d87144a786d3ca0032c558cdf18f2535335a65377fb4bc28627d61849d4b9294501afc3f84aa58ad468d419a9cb6857c0a24a48867dfe5bd9c21a455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c188c90ecb0e9caa95cf77a4c1422791

SHA1
0321057761fb88f88b07393baacc38e1d4b17086

SHA256
7ce1a8741391a04ede3ea2d6bd6a51bda8a2622d2f483366f6f194e932163485

SHA512
c0f57b2157a64f5228e658861eb2ddd21e28b8156c477ee6438438aab83a28372dd5cc0c1981ce05e8302c65e9d31557dd723bc6c5e4fee2f9cd234fe7dbd639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2ace9f7b00a352b28a41f5f48ca2cc30

SHA1
136565f34af6bb757eec0c7d572baa21ceae488d

SHA256
210db47819292f15261802773f5c526134c144a1998e8d453b3266c977bf86e0

SHA512
177cdb925487eeb8b4f22b4f00348da63dc3b3f10ad7f5425697abc829b9ec4bdb30795e330750c89655c3e9b77ed076dbb57856a330c91fa329e8e178523bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
286KB

MD5
a393d028b828d7a0fa999ad204880acf

SHA1
df515ae60ee2a159c34b1b06a108284225369fc5

SHA256
cb169e9a1c8590e6ce51808465959accad0b535fa40b5095a2e55b1ed66434f9

SHA512
c06c26cd883ea6fa4887aceccb4afdd346cab9cf951b2a59e089a3f560f13da2929d11a46ad8df08364c3a0bef56c250505715ba895f90eb1cc1d24a2c8ace3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
460480dce4f2acd8e8f57f07928cabd0

SHA1
c4f9699f9597a4e578712f0581d3765b65883627

SHA256
a90e91bfc04dc163549b2856484481c7d8f9edd8e56d0b58e8bd3d549e85840e

SHA512
f47bf4c41088d39392fd5f5fccd0437e69711d2a05ae791994d762a730eec891ab646961adcda31a5e73ea4fa9012d9e2dc5f92d1bf1aa8fa5aab89941778351

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDD12.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
2ebc600066c1babb1ad32c572543169d

SHA1
8b446ae009770c31b7a9123aaeedb7d24f67d256

SHA256
0c5a858b3fb964c47d254814e4e927bb1d05abfaa001c84fbdbe906e7c143330

SHA512
12308aad03525eb0ec22be38016f55388aff6ea6fddc7e4aebff2b12dc68930c928f1fbb86a201374f8ebce05b67455f30412b1b6ba094afbf559b0b5d3136f2

Download Submit
memory/4980-11-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-266-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-15-0x00007FFB50580000-0x00007FFB50590000-memory.dmp

Filesize
64KB

Download
memory/4980-16-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-17-0x00007FFB50580000-0x00007FFB50590000-memory.dmp

Filesize
64KB

Download
memory/4980-0-0x00007FFB527D0000-0x00007FFB527E0000-memory.dmp

Filesize
64KB

Download
memory/4980-10-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-9-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-4-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-14-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-12-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-13-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-267-0x00007FFB927ED000-0x00007FFB927EE000-memory.dmp

Filesize
4KB

Download
memory/4980-268-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-269-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-8-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-7-0x00007FFB527D0000-0x00007FFB527E0000-memory.dmp

Filesize
64KB

Download
memory/4980-6-0x00007FFB92750000-0x00007FFB92945000-memory.dmp

Filesize
2.0MB

Download
memory/4980-5-0x00007FFB527D0000-0x00007FFB527E0000-memory.dmp

Filesize
64KB

Download
memory/4980-2-0x00007FFB527D0000-0x00007FFB527E0000-memory.dmp

Filesize
64KB

Download
memory/4980-3-0x00007FFB527D0000-0x00007FFB527E0000-memory.dmp

Filesize
64KB

Download
memory/4980-1-0x00007FFB927ED000-0x00007FFB927EE000-memory.dmp

Filesize
4KB

Download