505e786f8a6e6d0ef413036b10177f619d4c2e65960063e20d1cbcdb8ac4099b

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 00:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Super Mario 64 - N viejo/Super Mario 64 - N viejo.exe
Size

10.4MB
MD5

678f8f3e3318297ad5d10fcd0a28031c
SHA1

5bd8c9e24ccdb2b7748a5f30cc0a28579ba9d85b
SHA256

96ad2703473931cee48361aa938d27271087b23fd37965989fd7aad629f92cea
SHA512

58e94ecf6338c781b45bcbf1fb4beebfa0eeed5e74a10589041f3ede1f287eb79c5d9c6f3a31d1534a43dd8bf738fb6d73a99ef65d07470917fa5739c83984c3
SSDEEP

196608:WiSoon4CXXfQd541qhf1LSAMXKHn2thR+2fIbyToI/hf8tDw0SvnaBwMMd1T:Wv34CXPQd541g3qKHSNyyToINE00Ywwr

Score

7^/10

aspackv2 discovery upx

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x00070000000234f1-58.dat	aspack_v212_v242
behavioral2/files/0x00070000000234f2-67.dat	aspack_v212_v242
behavioral2/files/0x00070000000234ef-73.dat	aspack_v212_v242
behavioral2/files/0x00070000000234f5-71.dat	aspack_v212_v242

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	Mario64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	Mario64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	Mario64.exe

Executes dropped EXE 6 IoCs

pid	Process
3172	Mario64.exe
2176	Emulador.exe
5008	Mario64.exe
2008	Emulador.exe
4144	Mario64.exe
3084	Emulador.exe

Loads dropped DLL 21 IoCs

pid	Process
2176	Emulador.exe
2176	Emulador.exe
2176	Emulador.exe
2176	Emulador.exe
2176	Emulador.exe
2176	Emulador.exe
2176	Emulador.exe
2008	Emulador.exe
2008	Emulador.exe
2008	Emulador.exe
2008	Emulador.exe
2008	Emulador.exe
2008	Emulador.exe
2008	Emulador.exe
3084	Emulador.exe
3084	Emulador.exe
3084	Emulador.exe
3084	Emulador.exe
3084	Emulador.exe
3084	Emulador.exe
3084	Emulador.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000234ec-43.dat	upx
behavioral2/memory/3172-49-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/3172-82-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/3172-146-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/5008-171-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/5008-208-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/4144-260-0x0000000000400000-0x0000000000452000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 23 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_DInput.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Project64.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Save\SUPER MARIO 64.$$A	Super Mario 64 - N viejo.exe
File opened for modification	C:\Program Files (x86)\Super Mario 64\Logs\Direct3D8 Error.log	Emulador.exe
File opened for modification	C:\Program Files (x86)\Super Mario 64\Logs\Direct3D8 Error.log	Emulador.exe
File created	C:\Program Files (x86)\Super Mario 64\ico.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_Dsound.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\NRage_DInput8_V2.$$A	Super Mario 64 - N viejo.exe
File opened for modification	C:\Program Files (x86)\Super Mario 64\Desinstalador.exe	Super Mario 64 - N viejo.exe
File opened for modification	C:\Program Files (x86)\Super Mario 64\Save\SUPER MARIO 64.eep	Emulador.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_Direct3D6.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_Direct3D8.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Super Mario 64.$$A	Super Mario 64 - N viejo.exe
File opened for modification	C:\Program Files (x86)\Super Mario 64\Save\SUPER MARIO 64.eep	Emulador.exe
File opened for modification	C:\Program Files (x86)\Super Mario 64\Save\SUPER MARIO 64.eep	Emulador.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\RSP.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Zilmar_Audio.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Project64.exe.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Desinstalador.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Emulador.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Mario64.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Adaptoid_v1_0.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\No Sound.$$A	Super Mario 64 - N viejo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4912	2176	WerFault.exe	100
404	2008	WerFault.exe	112

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3084	Emulador.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1504	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1504	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2176	Emulador.exe
2176	Emulador.exe
2176	Emulador.exe
2008	Emulador.exe
2008	Emulador.exe
2008	Emulador.exe
3084	Emulador.exe
3084	Emulador.exe
3084	Emulador.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 2780	3172	Mario64.exe	98
PID 3172 wrote to memory of 2780	3172	Mario64.exe	98
PID 3172 wrote to memory of 2780	3172	Mario64.exe	98
PID 2780 wrote to memory of 2176	2780	cmd.exe	100
PID 2780 wrote to memory of 2176	2780	cmd.exe	100
PID 2780 wrote to memory of 2176	2780	cmd.exe	100
PID 5008 wrote to memory of 4596	5008	Mario64.exe	110
PID 5008 wrote to memory of 4596	5008	Mario64.exe	110
PID 5008 wrote to memory of 4596	5008	Mario64.exe	110
PID 4596 wrote to memory of 2008	4596	cmd.exe	112
PID 4596 wrote to memory of 2008	4596	cmd.exe	112
PID 4596 wrote to memory of 2008	4596	cmd.exe	112
PID 4144 wrote to memory of 3996	4144	Mario64.exe	121
PID 4144 wrote to memory of 3996	4144	Mario64.exe	121
PID 4144 wrote to memory of 3996	4144	Mario64.exe	121
PID 3996 wrote to memory of 3084	3996	cmd.exe	123
PID 3996 wrote to memory of 3084	3996	cmd.exe	123
PID 3996 wrote to memory of 3084	3996	cmd.exe	123

C:\Users\Admin\AppData\Local\Temp\Super Mario 64 - N viejo\Super Mario 64 - N viejo.exe
"C:\Users\Admin\AppData\Local\Temp\Super Mario 64 - N viejo\Super Mario 64 - N viejo.exe"
1⤵
- Drops file in Program Files directory
PID:2112

C:\Program Files (x86)\Super Mario 64\Mario64.exe
"C:\Program Files (x86)\Super Mario 64\Mario64.exe" C:\Users\Admin\Desktop\UndoExpand.doc
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FD2C.tmp\Mario64.bat" C:\Users\Admin\Desktop\UndoExpand.doc "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Program Files (x86)\Super Mario 64\Emulador.exe
    Emulador.exe Super Mario 64.n64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:2176
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 1428
      4⤵
      Program crash
      PID:4912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x3f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2176 -ip 2176
1⤵
PID:4976

C:\Program Files (x86)\Super Mario 64\Mario64.exe
"C:\Program Files (x86)\Super Mario 64\Mario64.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\361E.tmp\Mario64.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4596
- - C:\Program Files (x86)\Super Mario 64\Emulador.exe
    Emulador.exe Super Mario 64.n64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 1700
      4⤵
      Program crash
      PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2008 -ip 2008
1⤵
PID:1676

C:\Program Files (x86)\Super Mario 64\Mario64.exe
"C:\Program Files (x86)\Super Mario 64\Mario64.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\68F6.tmp\Mario64.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3996
- - C:\Program Files (x86)\Super Mario 64\Emulador.exe
    Emulador.exe Super Mario 64.n64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Super Mario 64\Emulador.exe

Filesize
189KB

MD5
be5961ce4de0b363069910edb897498b

SHA1
ffed3dd42551d0e560eb2596defdd16547d8d5fa

SHA256
8d7d373d024206f7513721b320ef3359b885aa6ea73dc2c14b3a42f0c099be2b

SHA512
a4c73543926b68922c86000ed3b966acba53fb25521cf473d3f5f98b4bb416dc9ba50224406764d3bf890c9fbd9394cb1a5c9d4eb88d7fbff3869c73f7b2013d

Download Submit
C:\Program Files (x86)\Super Mario 64\Mario64.exe

Filesize
155KB

MD5
5925382327d825d10a9b169490bd9a64

SHA1
3c3d4bfb6190da8b94a25126c24e91601d1a8d24

SHA256
449b360739a7c667ddfb44f9a7b9a77967765b4a915c7b64a09d077acd0768e0

SHA512
6ffab3fbc57330072c46d8f3c0c7a108575e61bb3333bbac3cbb3950e165a58fabc39782337068faeb755c7660d8d379d1a18ba29fd9f9fa07379ae9dd376d76

Download Submit
C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_DInput.dll

Filesize
67KB

MD5
d5f798c360aaac128b0fc4a211688ccd

SHA1
4b55d92fda42f108bd0e22503afd905754e95caf

SHA256
0468fc03d5bfd4e47fb0c5f69c657cab62e4bbb2c8948949b4a1d106648ab99e

SHA512
517bce1e5fd1ce06d9d8986e936a0029bf05fd8b6518ea56df7257eb540a2fa722bb799ac2c36a2223f973f074cee29c648720fe01c7b25a77578e828bb1b5d5

Download Submit
C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_Direct3D8.dll

Filesize
232KB

MD5
ff57f60c58ede6364b980edcb311873b

SHA1
5ec6e231f780d9eafa6ee855e0f4968a7f8c347d

SHA256
05536c82c764f24038bd6f22d47a5427318ce3118bbe1bb798c8309d40f00fcf

SHA512
1e3b5d1bd93cf36dcd862869374d7931eedb1578ceec635c1972f302bd1abaa2d9a63721a2ca9ab4fe1fda8f268f352c70e8a35c8bae91253cb2b4eb1bc7234d

Download Submit
C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_Dsound.dll

Filesize
53KB

MD5
d5f1a6d72a4eb2e7adf1f5b803e97419

SHA1
d8a93e436e488279d40e0e79a4a04f4ff175f36a

SHA256
9955b91ace2f7e87ec5034274228906e43dac4961abbd296aedfb378b7b3ccf6

SHA512
238b8fd0115f6a820498445d6a2c1cd21e46138272edcb7355cce28ae8aad070e10065c99c95e5d4b03238b8d3b66d2652ad6162e1bb687a99ee6d900ce17ec7

Download Submit
C:\Program Files (x86)\Super Mario 64\Plugin\RSP.dll

Filesize
107KB

MD5
23706412ee7a8e7c2c2aa218f9258dd8

SHA1
67fab0e559f4068298b4ca8a682dd2e63be4ac07

SHA256
cdf1a04e877aa9ed57f9446b34a2bdf12cf263542bd461f6a4354d458721abf9

SHA512
b77e1ff74269c7c031bec751162e92305038192952d282e8853d37766f71db62b0dfb99ffcd1139fe866f7b1290a41804c279d7e06fc4718bb7c1c3e2c6404a8

Download Submit
C:\Program Files (x86)\Super Mario 64\Project64.cht

Filesize
1.1MB

MD5
2d914cf0cab53125d6a9635447fff97c

SHA1
a6f3c1303d5d83d6f82c4b57dfdc9ed81d136ea0

SHA256
b5ae7e009019739e2f783a26acdfd18a850f3f995d4347091833e83eca2a7932

SHA512
498beae574b3a0219164c7e41807d2dcedc1c31a08e8f82e69a6c3c347b6479782e2633cc5df61f7a4f2b01c799e8818c8f0b33c57498a4515f4da3455f333de

Download Submit
C:\Program Files (x86)\Super Mario 64\Project64.rdb

Filesize
340KB

MD5
e66224fd74128603f88caf84a2be7b5c

SHA1
55d8a2cb7e075dc5d940182435e94cfcb27d0570

SHA256
14852edd261c00f392f331862b2313bf04ac0b5f0a67d22b0f87049d3240de63

SHA512
8d4ab2db73640382981c14751d1483976e96fe5faf65540ea919c87fa37ca263c22e2ef5734c81ea2f544e067cd351deb8f0e4c2271b5f5bfe094941c3f5f0b4

Download Submit
C:\Program Files (x86)\Super Mario 64\Save\SUPER MARIO 64.eep

Filesize
512B

MD5
0b91c7a69a89d34bd6d63948b06a1497

SHA1
671a5c9782a3307091a98c8fec0782ebe6eed7f8

SHA256
ed22a78d4e77ded30cd61898a7aa03a355a1db16d15b5a19d24a4538aac9020a

SHA512
89448889ac07190ffedddc2026e100a64663aa8933ed89c9018d36ff03ce4e23fce4115e2a6845b8524cfc7540991b6284469b3b6e83b67671d16ed1b7e82a91

Download Submit
C:\Program Files (x86)\Super Mario 64\Super Mario 64.n64

Filesize
24.0MB

MD5
e51a6ff9b2dbbd216158cacff35eb215

SHA1
7b156eae442097ab16bea77115f0619e236deaef

SHA256
85a1a81329940888384bc7660e69d735e3dc73d7fb6ad3cea65e4ea86b9a8920

SHA512
a32448f678525323bfa7f750c0b2a5db3ed9ec08901c6a956dd8f76a8fa0546e9bb9110ad31598ed349f8b627396c3174dea0b976097cba92ed8923044c1b74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\FD2C.tmp\Mario64.bat

Filesize
31B

MD5
87d6025ae92be37a310adc5ba90d105e

SHA1
ba032dbc50129b1513fa630a69c3dc6e89575c3e

SHA256
28be29da2836e6de8890bb709fb57058dc40cee6c7ebf3e98ec559ef11ef4b35

SHA512
0a131368444ce396883001556c127a61350de3faa16db87e12372d5ff03b65f25f7ab8611a48d0d05d01d9144d9a244433f0e6852ece8474455be10c3d2724d1

Download Submit
memory/2008-203-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2008-206-0x00000000080E0000-0x0000000008127000-memory.dmp

Filesize
284KB

Download
memory/2008-182-0x00000000049A0000-0x00000000049CC000-memory.dmp

Filesize
176KB

Download
memory/2008-181-0x0000000000B90000-0x0000000000BB6000-memory.dmp

Filesize
152KB

Download
memory/2008-180-0x00000000007C0000-0x00000000007C7000-memory.dmp

Filesize
28KB

Download
memory/2008-179-0x00000000048A0000-0x0000000004957000-memory.dmp

Filesize
732KB

Download
memory/2008-204-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2008-153-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2008-177-0x0000000004800000-0x0000000004894000-memory.dmp

Filesize
592KB

Download
memory/2008-205-0x00000000049D0000-0x0000000004A6A000-memory.dmp

Filesize
616KB

Download
memory/2008-169-0x0000000008740000-0x0000000008760000-memory.dmp

Filesize
128KB

Download
memory/2008-168-0x00000000080E0000-0x0000000008127000-memory.dmp

Filesize
284KB

Download
memory/2008-163-0x00000000049D0000-0x0000000004A6A000-memory.dmp

Filesize
616KB

Download
memory/2008-162-0x00000000049D0000-0x0000000004A6A000-memory.dmp

Filesize
616KB

Download
memory/2008-155-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2176-101-0x00000000080C0000-0x00000000080E6000-memory.dmp

Filesize
152KB

Download
memory/2176-120-0x0000000006B40000-0x0000000006B6C000-memory.dmp

Filesize
176KB

Download
memory/2176-102-0x0000000007A80000-0x0000000007A8A000-memory.dmp

Filesize
40KB

Download
memory/2176-100-0x0000000007A60000-0x0000000007A80000-memory.dmp

Filesize
128KB

Download
memory/2176-97-0x0000000007630000-0x0000000007766000-memory.dmp

Filesize
1.2MB

Download
memory/2176-99-0x00000000079F0000-0x0000000007A37000-memory.dmp

Filesize
284KB

Download
memory/2176-98-0x00000000074D0000-0x00000000074DF000-memory.dmp

Filesize
60KB

Download
memory/2176-96-0x0000000007460000-0x000000000748B000-memory.dmp

Filesize
172KB

Download
memory/2176-95-0x00000000073F0000-0x000000000745B000-memory.dmp

Filesize
428KB

Download
memory/2176-93-0x0000000007380000-0x00000000073C4000-memory.dmp

Filesize
272KB

Download
memory/2176-91-0x00000000072E0000-0x000000000735F000-memory.dmp

Filesize
508KB

Download
memory/2176-92-0x0000000007360000-0x000000000737D000-memory.dmp

Filesize
116KB

Download
memory/2176-90-0x0000000007240000-0x00000000072DA000-memory.dmp

Filesize
616KB

Download
memory/2176-89-0x0000000006B40000-0x0000000006B6C000-memory.dmp

Filesize
176KB

Download
memory/2176-88-0x0000000003FC0000-0x0000000003FE6000-memory.dmp

Filesize
152KB

Download
memory/2176-87-0x0000000000B80000-0x0000000000B87000-memory.dmp

Filesize
28KB

Download
memory/2176-84-0x0000000003E60000-0x0000000003EF4000-memory.dmp

Filesize
592KB

Download
memory/2176-85-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2176-94-0x0000000004050000-0x000000000405D000-memory.dmp

Filesize
52KB

Download
memory/2176-144-0x00000000079F0000-0x0000000007A37000-memory.dmp

Filesize
284KB

Download
memory/2176-143-0x0000000007240000-0x00000000072DA000-memory.dmp

Filesize
616KB

Download
memory/2176-142-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2176-141-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2176-86-0x0000000003F00000-0x0000000003FB7000-memory.dmp

Filesize
732KB

Download
memory/2176-57-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2176-108-0x0000000008130000-0x000000000813E000-memory.dmp

Filesize
56KB

Download
memory/2176-109-0x0000000008D00000-0x0000000008DF3000-memory.dmp

Filesize
972KB

Download
memory/2176-110-0x00000000093B0000-0x0000000009423000-memory.dmp

Filesize
460KB

Download
memory/2176-113-0x0000000004570000-0x0000000004B32000-memory.dmp

Filesize
5.8MB

Download
memory/2176-111-0x0000000009430000-0x00000000095BF000-memory.dmp

Filesize
1.6MB

Download
memory/2176-112-0x0000000009A60000-0x0000000009A68000-memory.dmp

Filesize
32KB

Download
memory/2176-60-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2176-103-0x00000000081B0000-0x000000000829D000-memory.dmp

Filesize
948KB

Download
memory/2176-83-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2176-68-0x0000000007240000-0x00000000072DA000-memory.dmp

Filesize
616KB

Download
memory/2176-76-0x0000000007A60000-0x0000000007A80000-memory.dmp

Filesize
128KB

Download
memory/2176-74-0x00000000079F0000-0x0000000007A37000-memory.dmp

Filesize
284KB

Download
memory/3084-216-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/3084-224-0x0000000007910000-0x00000000079AA000-memory.dmp

Filesize
616KB

Download
memory/3084-223-0x0000000007910000-0x00000000079AA000-memory.dmp

Filesize
616KB

Download
memory/3084-230-0x0000000008130000-0x0000000008150000-memory.dmp

Filesize
128KB

Download
memory/3084-229-0x00000000080E0000-0x0000000008127000-memory.dmp

Filesize
284KB

Download
memory/3172-82-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3172-146-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3172-49-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/4144-260-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/5008-171-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/5008-208-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download