837ec0e9287fcb56331695971c618ce18f14dff0107ccd5749bd51c75bccc6d6

Analysis

max time kernel
124s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02-08-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Microsoft.Extensions.Options.dll
Size

49KB
MD5

257beb2a2e61d95541ff34c1791dfa1c
SHA1

847771b132378679014e141831cff2279b15c3ed
SHA256

a11544ccadbd55d297c9bba46e0d75c7dee2df1b3d937ba8c1280918413e2c37
SHA512

35e503774c40f81333c4b21468fd58d5362c764d043d5539428c9b9fada5a072568f8dc2dbd46d8468edd295c8311d9a3a7a10e104080c03b38800575123adb7
SSDEEP

768:htd/yZ8bAzn33QcOg1E0Oby1Ey5hvaU+yMbrIF8BOuMtzr:qz3RbO2PfyrbeVuMtzr

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

SearchIndexer.exe

description	ioc	process
File opened (read-only)	\??\z:	SearchIndexer.exe
File opened (read-only)	\??\j:	SearchIndexer.exe
File opened (read-only)	\??\p:	SearchIndexer.exe
File opened (read-only)	\??\W:	SearchIndexer.exe
File opened (read-only)	\??\r:	SearchIndexer.exe
File opened (read-only)	\??\u:	SearchIndexer.exe
File opened (read-only)	\??\U:	SearchIndexer.exe
File opened (read-only)	\??\w:	SearchIndexer.exe
File opened (read-only)	\??\I:	SearchIndexer.exe
File opened (read-only)	\??\M:	SearchIndexer.exe
File opened (read-only)	\??\P:	SearchIndexer.exe
File opened (read-only)	\??\o:	SearchIndexer.exe
File opened (read-only)	\??\T:	SearchIndexer.exe
File opened (read-only)	\??\V:	SearchIndexer.exe
File opened (read-only)	\??\x:	SearchIndexer.exe
File opened (read-only)	\??\X:	SearchIndexer.exe
File opened (read-only)	\??\h:	SearchIndexer.exe
File opened (read-only)	\??\L:	SearchIndexer.exe
File opened (read-only)	\??\m:	SearchIndexer.exe
File opened (read-only)	\??\Z:	SearchIndexer.exe
File opened (read-only)	\??\A:	SearchIndexer.exe
File opened (read-only)	\??\e:	SearchIndexer.exe
File opened (read-only)	\??\t:	SearchIndexer.exe
File opened (read-only)	\??\H:	SearchIndexer.exe
File opened (read-only)	\??\n:	SearchIndexer.exe
File opened (read-only)	\??\N:	SearchIndexer.exe
File opened (read-only)	\??\R:	SearchIndexer.exe
File opened (read-only)	\??\a:	SearchIndexer.exe
File opened (read-only)	\??\g:	SearchIndexer.exe
File opened (read-only)	\??\G:	SearchIndexer.exe
File opened (read-only)	\??\l:	SearchIndexer.exe
File opened (read-only)	\??\v:	SearchIndexer.exe
File opened (read-only)	\??\y:	SearchIndexer.exe
File opened (read-only)	\??\B:	SearchIndexer.exe
File opened (read-only)	\??\F:	SearchIndexer.exe
File opened (read-only)	\??\J:	SearchIndexer.exe
File opened (read-only)	\??\i:	SearchIndexer.exe
File opened (read-only)	\??\s:	SearchIndexer.exe
File opened (read-only)	\??\b:	SearchIndexer.exe
File opened (read-only)	\??\D:	SearchIndexer.exe
File opened (read-only)	\??\E:	SearchIndexer.exe
File opened (read-only)	\??\q:	SearchIndexer.exe
File opened (read-only)	\??\Q:	SearchIndexer.exe
File opened (read-only)	\??\S:	SearchIndexer.exe
File opened (read-only)	\??\Y:	SearchIndexer.exe
File opened (read-only)	\??\k:	SearchIndexer.exe
File opened (read-only)	\??\K:	SearchIndexer.exe
File opened (read-only)	\??\O:	SearchIndexer.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

SearchProtocolHost.exeSearchFilterHost.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{8082C5E6-4C27-48EC-A809-B8E1122E8F97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a2c36e2014e5da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c147f42014e5da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000bc6d551f14e5da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000014dfc71f14e5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9933 = "MPEG-4 Audio"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\msinfo32.exe,-10001 = "System Information File"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000afd7622014e5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\acppage.dll,-6003 = "Windows Command Script"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000047a9501f14e5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b5464e1f14e5da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006090b91f14e5da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

SearchIndexer.exe

description	pid	process
Token: 33	4760	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4760	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4760	SearchIndexer.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

SearchIndexer.exe

description	pid	process	target process
PID 4760 wrote to memory of 4624	4760	SearchIndexer.exe	SearchProtocolHost.exe
PID 4760 wrote to memory of 4624	4760	SearchIndexer.exe	SearchProtocolHost.exe
PID 4760 wrote to memory of 4344	4760	SearchIndexer.exe	SearchFilterHost.exe
PID 4760 wrote to memory of 4344	4760	SearchIndexer.exe	SearchFilterHost.exe
PID 4760 wrote to memory of 2004	4760	SearchIndexer.exe	SearchFilterHost.exe
PID 4760 wrote to memory of 2004	4760	SearchIndexer.exe	SearchFilterHost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft.Extensions.Options.dll,#1
1⤵
PID:1952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2984

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4760

C:\Windows\System32\SearchProtocolHost.exe
"C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
2⤵
- Modifies data under HKEY_USERS
PID:4624

C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 832 2608 2596 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}
2⤵
- Modifies data under HKEY_USERS
PID:4344

C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 832 2696 2672 812 {85EE815A-7738-4808-A14A-3AD87E32A3BF}
2⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4344-47-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-43-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-66-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-67-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-63-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-39-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-40-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-46-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-42-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-45-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-53-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-52-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-51-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-50-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-49-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-48-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-38-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-65-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-41-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-44-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-54-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-55-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-59-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-58-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-57-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-56-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-60-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-61-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-62-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4344-64-0x000001E1FABA0000-0x000001E1FABB0000-memory.dmp

Filesize
64KB

Download
memory/4760-16-0x000001DF37650000-0x000001DF37660000-memory.dmp

Filesize
64KB

Download
memory/4760-0-0x000001DF37550000-0x000001DF37560000-memory.dmp

Filesize
64KB

Download
memory/4760-36-0x000001DF3C3A0000-0x000001DF3C3A8000-memory.dmp

Filesize
32KB

Download
memory/4760-32-0x000001DF3BD40000-0x000001DF3BD48000-memory.dmp

Filesize
32KB

Download