00e9cd8bd69b0ae1364a6af9208bfaeb1d7e80b71db3d9fcb4b9c82b4444e246

Analysis

max time kernel
141s
max time network
56s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/08/2024, 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UserPassLog-main/main.vbs
Size

306B
MD5

ed42f9f0d158cfd9d836e4c5c2fcd7e2
SHA1

bb7a2a0e7799959c2be84160eb8bf71833c876bc
SHA256

f0139f4743cfb9f6b3acdec955f63e5b75cdc216fe2328bea934388d12290d7f
SHA512

e72038d957f644f0d76e4dce722e6db70a1e61bf054e5ba0aa3944f332c4dc37d91dbb8a56db1bd4f6a736605e4d91e0b77e3275fe5b6df54159b72b4eeea396

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1004	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1004	powershell.exe
1004	powershell.exe
1004	powershell.exe
1004	powershell.exe
1004	powershell.exe
1004	powershell.exe
1004	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1004	powershell.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 1004	4292	WScript.exe	82
PID 4292 wrote to memory of 1004	4292	WScript.exe	82

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\UserPassLog-main\main.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File loginprompt.ps1 -username administrator
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_baxiwqih.ymr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\ApproveCopy.xlsx

Filesize
13KB

MD5
8b3cb21f96ca01006fb5e2533080bdcb

SHA1
61e34ec7bf97c6e6bae96a07e6a99a2b9dd4589e

SHA256
02ef0316f16ce49a1e945eb06e5ee06652f8c3f47950784863b390b5da61d153

SHA512
ba732e6c2cb920fe8b43dd72885f269ce5b88b333753c359d009f815f23b730664388df0d01b3a5b1671599a754bbc40f659e7dc88cc0661d046452bbbd5dd72

Download Submit
C:\Users\Admin\Desktop\ClearWrite.mp4v

Filesize
219KB

MD5
c7231da0b824b043ba3cb5b5dc6ae5ac

SHA1
daa4d385580a6f24f21fa801c62a63716bc2e659

SHA256
adad8bdd9e5e6974ad08f037eed73ce518ee63a3bbc66daf479f42f4e25faf5d

SHA512
5899ecde897bfba172f63e781fcc963ccda8a841bca0aa9a5a3d81201dc66fdc15ef089a81f1c11b8a4e522a33fffdb6de08d8297c44f4b2f19a78b1c657b317

Download Submit
C:\Users\Admin\Desktop\DenyRegister.wmx

Filesize
438KB

MD5
5752d4b2066eaa9b0e2146823ce128b2

SHA1
6caf35c590aa4e014475fec8e7a0da301ddc5db8

SHA256
ff32637063c32514cf3d24a80a86f1d82be24ed490cb08d9059ee916764303e7

SHA512
edb2563a339c1bd8fc5705475e906362cb87e0c708300a3aa05d3fe3db2e15ed2f09fc4542da0dd9b8bd837f42373acb96f7fc91550fcc6635a7c9850fd10ece

Download Submit
C:\Users\Admin\Desktop\DisconnectEnable.cab

Filesize
564KB

MD5
a24d16ccd13ef5a64a455f240a1a909a

SHA1
0bad532a0e7d1df27360a4994a3f5c2465109b1f

SHA256
ef5bacf8694c209e3267edfa6fc90d65239b4d753487106f76ef38e8761bf1c7

SHA512
5378800c6572a743bb3e5ac3de8c4424d89c1cffcc8df2bd009cc852887b56544a6a1666fe3bccbdce5f438e638eae65805197e7708d976d268bf75f7bf4b07e

Download Submit
C:\Users\Admin\Desktop\EnableUndo.emf

Filesize
329KB

MD5
af51649f21e2700bdbc9ba5044da8385

SHA1
24e3131fb9695be1a9d28f02e1294d8a4de08fbb

SHA256
cb7716a18691ed474a6025ca2625c19daf8a92c05c9124d43205d62c591a1383

SHA512
958839035d14a4eff0db94095a720956d266fdd27751eeb404f0316159f33e7bbed371c5b233a13561668a0d9364d13ebcacefd731f9698eaeb548c89c18e2fe

Download Submit
C:\Users\Admin\Desktop\ExportSwitch.mpg

Filesize
407KB

MD5
fd7e87f018531f63d3d00b42c9dcae67

SHA1
44b62ed51d6c3a669f17d2e047f0a9a94823d5f9

SHA256
de9a2ff961fed2e21f2ec09453aefaa5b97da6442d36c088e31b51ad5a701868

SHA512
89947732f3a94f5146e1e272a17c15e27780cf927dfaf6cfbd069390bfaeed2c19bbb42b1c86ae3c5751b17a71f5b264d5d3f41809d52043dbc04455f1186aa2

Download Submit
C:\Users\Admin\Desktop\GrantImport.wps

Filesize
344KB

MD5
479a67cb0d58c76f5949026c524e376f

SHA1
4d50c80ae698810e488740c306f33c1a7f2afc63

SHA256
8ebec3bb1f68efe183c03816e2fa42dd84f6e320e32ee7a0ec5800bc12158530

SHA512
e390cbf1058b2f961c482a3da218864c5240d9a699f05b13eab63b88d7a596e1a4a5a58d175c004542d9d72fc554a7d25ea58938c4867a84056df50d85afcb7d

Download Submit
C:\Users\Admin\Desktop\GroupOut.eprtx

Filesize
297KB

MD5
7324d635e99d2e5f7d4970afade5f7bb

SHA1
e4c127dded6ffc69810fb0bd38d40f4999287b9a

SHA256
b9b51e0a2fa5af10eb2fa3b6422eb4a19a1c846fff85fb9df6a984a1afc3985d

SHA512
f21dd7281b9ef821a429caa11d475782c6a48b825fc6ac8e25030ee04c023b750638cd747dba36937f1265cbc7e3e7c15a8767ad3196bd41656bb807d8248d2e

Download Submit
C:\Users\Admin\Desktop\JoinMove.xlsx

Filesize
12KB

MD5
e93ee8899f6d494f3f60149f138a6d5a

SHA1
fb574e2a3561059fc9f379b367730274b3b0208b

SHA256
5e1e5b775f1edbcc3124278e8667b5b22b6b1338f19eb76600ea27b1d6b90de6

SHA512
070967296ff4668db8f87acbbf198d538a58f3a4e6677c9f36adcca3ebd5c57f5989dd69b205022c79c3cdc9759f6bd2e1f21c5c07c1fd34ce497dd867b6fc9a

Download Submit
C:\Users\Admin\Desktop\JoinUpdate.mhtml

Filesize
313KB

MD5
167ee60372a9c08553e7b690a24e0951

SHA1
f666afe0893ffa41e24edeff3c915f755430d8c6

SHA256
3f1d5ea7b4bf58c524ab7faecca68c2302bd1cc99997d205816c9be3853b7207

SHA512
ff158790c1af4fe17a055cbf843b0549e04748528aefae8178b0d13970c260302c09a280f796742d4714f7a192d6acbfb19265810f2945b1953b0a144520206b

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
e3fc5e8a1bce856aeb20a73926840941

SHA1
7c540014e1c233c021280fa1e1d594db4d95a219

SHA256
b993d1416ecea1415e1993dcf7a3fac126f12e23f52326ace74b96fcf2e4af92

SHA512
f8498d1acb8cb61f391713ff625923a27a66a7ff794bb3dafe0f061f170a8f1bece841ef5deb850cc5f9386674d8ffaa34cad4930511296fd745ea7bfaa99dea

Download Submit
C:\Users\Admin\Desktop\OptimizeStart.xlsx

Filesize
12KB

MD5
8e20ec91e96c99d09161b9a43158a774

SHA1
819581b1f5df9f3d8e2d906ff516f89e1bf551f7

SHA256
ad36f0042f704a98038cc4bef66eea868992d1cdc3dee23c112b3dd2226ba4d1

SHA512
1cce88a7a02b5968d5485f124310cfc573283068477f9e108c227166955f1caa1ade4cef62cc7555eeb1a9a820f96806762943f2732f3cc2e3cc9944c6532af5

Download Submit
C:\Users\Admin\Desktop\PingShow.svgz

Filesize
423KB

MD5
8381ec6a79222e21cb13f17c4c86c7c7

SHA1
fe6b64cfad37bd1a002e26dbeb32fc269274bb78

SHA256
44c4f3b6efe2f82b463cf39654092696e7874c3677480b43334d523ee9d7a0f0

SHA512
94ad422cc103665b35e9e17d246d9ff4f632532b63c61a6858102f781c96b8f39f43932b3ca227e72a71cf4b41cad7f0d576edbb3d98792717987952cbf10ed0

Download Submit
C:\Users\Admin\Desktop\PopUpdate.html

Filesize
266KB

MD5
79ae3ea51d7f36664a598636c54742c1

SHA1
62570bc904de479e522e326a775c4840a6db1931

SHA256
656f4db419580070c9302ff5c88d5e224f7bd0986c2dee7c640d0e574f248000

SHA512
d1a912561484ce3c6f75daaecc4d289c2e959813cbe9cd1024feb1e4479d52f46ee7ec7720b0f18643ac3441af62b56b6350900ccf0e2979f4f1366dedda3ec1

Download Submit
C:\Users\Admin\Desktop\PushGroup.bmp

Filesize
391KB

MD5
fd82bec040baa8a7386bbfe7c134a55d

SHA1
787c39cfe24913ae50afa1da32eb548bcbefeef6

SHA256
0ebfbb0e39228edaeb6754c100a89adb5907032ad70daab9092dbc14d969de34

SHA512
76452c8cb1d85426983ffde4dde9fb90b7870f274789e85969558bad86d1b4c6cc61d921d89a0536767275ec328afaeea22e779d16ddb4fd311a78b1dddcd9b3

Download Submit
C:\Users\Admin\Desktop\ReadUnprotect.wmf

Filesize
861KB

MD5
4e8ef82a468845b0d013143c91081f04

SHA1
5a2a5eda645cbec2beeb9c3e46ce76ae8c16438e

SHA256
3dcb493d3eefb1a0d6434b93cc86ead6988226de4ca0e9667283a1631aef89e0

SHA512
cbaca00cf20d382d5fc2fc3bec0d7fc779534926ed984ffce0aa6c3c23e5a7d31e6deadcb55af5120cf1833ab159dfde3fc2cd73dee827a81bd0fe3a68658ed0

Download Submit
C:\Users\Admin\Desktop\ReceiveRemove.pps

Filesize
470KB

MD5
3fd3b26673eac80cb226ff8acb5b928f

SHA1
3f58092263704a49b1abf2cf864e0d6979b554bf

SHA256
41a6e56dd0a03cb78a86247c3ce9770f05101661f3e82ab53b0fce9e80f85618

SHA512
d6891c9b49c19356189af515efc086193a86642967781ecd5f0a9185f962f51efcc5360f5544becdcf6062fe539ae6670b99886f51fea1ab75fdd0fc8e737c8d

Download Submit
C:\Users\Admin\Desktop\RepairUnblock.aif

Filesize
532KB

MD5
ad485df33c88c402f78cebbc07e4d5d1

SHA1
e8d0e7a35880e7c2083f60e632fae81eedeb851e

SHA256
dcd775e2cbfc4b6200038c8c08cc6157a0148e7f5b29bebd09e66cc62dfd62da

SHA512
a66e19e391b3d824c0fa607a0ced0274d06cf61abf2037b29a13859edd11e5948ec861ea6f7015218465fc6a8b50081783bd39e2609fe7b04c357d70176e00fb

Download Submit
C:\Users\Admin\Desktop\RestoreComplete.vdx

Filesize
282KB

MD5
3422f9a8941afb546c3e50f8b11c5dba

SHA1
dc6875cc4ec0d358f0fa22de5a9ef909549907d6

SHA256
a6fb5bdd9c8014417587eb32d1d3c987881878950e65c90e1802a11358460350

SHA512
61bef485542dd131c35ae148be0a1f1eae93436b599409644787d878a7040b200b98398c8845551083a5f69ad4f646f6598826483bfc3e57cc09f9b508ec13ce

Download Submit
C:\Users\Admin\Desktop\RestoreUnlock.odt

Filesize
611KB

MD5
945baf5f6279144bc9414800d30c1762

SHA1
0b41412b5baf9df80a4d00d60d2ea6b974003ccd

SHA256
2b67e650671d25f6acc648d1a740e3c2fdadb4c8f01de2d534b9104f4acf4178

SHA512
bcf3165e51a16d550fddb132ba730d0733f5dc36ca8562568f1e708830a6f76f6b924fef76cc602b055b954e18b9bd3ab941cec13f4d52ae7596235c4c0404fd

Download Submit
C:\Users\Admin\Desktop\SelectConvertTo.3gp2

Filesize
579KB

MD5
4e67b5e56677e367a33e9825f4033346

SHA1
f1e0ea142dc16100ec60ee34df48a870e9bce71a

SHA256
db9e9dc06e634aad13b64401922cc352e44d75708a2b9ff326ffe7c88091c4fb

SHA512
cdb627956c8f9b2657e25d965bed55663258da7a9ce56043c067bef955758da54bba2910c326392e181a0d41b413580164a7cab106542581ab903fba989bb7eb

Download Submit
C:\Users\Admin\Desktop\StepUnpublish.zip

Filesize
454KB

MD5
9f862486573e0b90a18965d236153d0f

SHA1
aa97b0190d33f394a33f5d9ddbfd0c9945e14f92

SHA256
41958a9a17d278546283cff819729e77b844e2763f93815e2a07c84e34b0dc11

SHA512
9d8684e39cbd3a70f6a25d3f3a312fb0f8367afddc707ae301a2e054132f238ba971d2b658b0cbf0ad173f1b32655e28501bb8c7d14953f541d93a084873658f

Download Submit
C:\Users\Admin\Desktop\StepWrite.pptx

Filesize
548KB

MD5
7155b570c567b01e4e3fff728828ba68

SHA1
e6b85e579385df48b7717b04877b692338c4c7fa

SHA256
5f088abc4607fc558a6732493b512e1a89ea0d1f35bdce4649c16254f5a846b0

SHA512
3ac9ea8992edc2b5d5cb8b9e343527128de795ee7c32de7ff606b2900daa9fceed87b3231d4bed7f54e5a1c13b49974559cdd1bd50dad2e7dc76826ebcb31de0

Download Submit
C:\Users\Admin\Desktop\SubmitWait.ppsm

Filesize
501KB

MD5
028f56b88bd764dc3dc4efae2661fa48

SHA1
83648953480800e7f83e53276d77074a71f1f7d0

SHA256
6bad78e00078f1df5b82443357ef3e2fa6cde933e84509932d12bbd540b70596

SHA512
c87ce823f0473a9c5d645977a087514cc747c85887b59884fca59cf813131b7091c5a00a1ff31c950884dbe49fefc6a958d655e97d33e9c1b9c3f689a3a79841

Download Submit
C:\Users\Admin\Desktop\SyncOut.vsdm

Filesize
595KB

MD5
c3db9f059fd5a2099904d864bfcd83e7

SHA1
0c6f3f7a131bfa1e0ef5f9e86c56b64811ef7ad7

SHA256
1bd8fd34ae10364f0da71dbfbfd75c67f6811b47e1ad494c74986172fd755e9a

SHA512
6b276654782584cf414b4b3cac7d9633f4d1ede3c37a50da96736da930f1dc74dc392b9cd5b327a3c2113967dd2b59077ca31f875411133e2c8e45963c7ea84c

Download Submit
C:\Users\Admin\Desktop\TraceInvoke.otf

Filesize
485KB

MD5
404605bce3002f29ae3cd2d04cf06f4d

SHA1
4cdb59c5dcaa0c93f577af8964f88720544d4576

SHA256
5311c4ccb1ecf612ed887189d8bab761d5659d9635b644677d32e481800c4142

SHA512
d346f02efdab8eb867b22b0f511c19af519a097670132f0030d3e72438ff24309127db432f451f04b8220299626b486920a488e67804c8fa633f247a2c2f8b5c

Download Submit
C:\Users\Admin\Desktop\TracePing.dotx

Filesize
250KB

MD5
68fc49ba7c5f099eaecc493a2a5008a9

SHA1
079db3f66c7bc09e2a432261960383dca769e7d0

SHA256
b738cac6328be45141e5f613773fe3f67597ab774c6438e1b92535da81f0723b

SHA512
e206dac7b40ec424aa58b93b58e22d0b8ec7ba835fdbdc9e6fab2d76f7dbca5ee24f7b8dd2cb012635fd2201b4acd8cad378fc5ad71d9b709f26267e3f66b33f

Download Submit
C:\Users\Admin\Desktop\UndoPop.bat

Filesize
235KB

MD5
6eec247abcc94333d068113893575efa

SHA1
5279c578a9e17003621ee851621549a5732ea213

SHA256
d677ffa1dbfd148e083d4d427620a7d51c6daee5156ad90f71b2ce22225266bf

SHA512
d21d3d046854674179f39703e0b671c8142e7642c1418e3b684eb6fb69edad68c3bc51687626b2a083796d752bb80dbdc9df96a229d28e852f730fc5d9220c89

Download Submit
C:\Users\Admin\Desktop\UninstallLock.ppsm

Filesize
517KB

MD5
98ff135ab9913dd8dc1958003087dee7

SHA1
348c38a1b2359506eba4697ab160d86142ae6835

SHA256
fe1b70d06623c951a6c17c7ecfc0156c39870dd8704d310a080ecab73835623f

SHA512
a5c7da3bf0d8b02ef51710ded1f9eb4d306f5d2fe52cff3b8b3c085e1c5a58a6791e224fde634dec2198de041bb437d00039719febfdf6803833f680b458d3b1

Download Submit
C:\Users\Admin\Desktop\UninstallSelect.wax

Filesize
376KB

MD5
da952068b999279f08c4f5a9a5774990

SHA1
dc9cabf9c8295a594db7b9e32f9722a3e9e319f8

SHA256
d46efface2e653f23513cb9f7a695d6964337790043cdab76b1a338314905475

SHA512
26362cf542f1ca6f24dd6b9e191e82d58bfd078b42c828af6c420d252ca343e2bc7a77033803b3e5431e7f62b62b161ea76528ee48d6d735e23f0430e639aec8

Download Submit
C:\Users\Admin\Desktop\UpdateGrant.vstx

Filesize
360KB

MD5
d025b9cf4d632203fc3f7455f0a56a46

SHA1
0c4b60a34a353ba69b8fc00df6e35c479334c4a2

SHA256
098722a241df6f48a99c9401f72834f4bd1f4f4b81aeed25d004067aa5a89c9b

SHA512
59e45fbc4fadabd903723612f63e33a91e7fc6bf5297eaa6fe0eadf79a26fd484db04d84429826945d87e99d8721b03cb433dbd4786f5b4920a1917ac451b598

Download Submit
C:\Users\Admin\Desktop\WriteOpen.docx

Filesize
17KB

MD5
70cf4cf0adb020f47db1c9ce08a45ee1

SHA1
469abdde8d71b8bccb5d566f37d62701b616b9ed

SHA256
0bd8efe95357865487d709dd59a76698c879228b2976aa163246737c71e5b5c8

SHA512
f7c7c6838bb6f5c5ad6ff1b78e0372bc38295b202fc28ba1585fe7bf4ebd70abe5760870ca1a6be217de30918bc6918c7651ececb631accfedbb16390c4670e3

Download Submit
C:\Users\Admin\Desktop\WriteResolve.jpeg

Filesize
626KB

MD5
9021ed3404cebdd1720458960eda22c3

SHA1
85f5258a1327ba873b562a2353f46bae5c728e43

SHA256
5384119cb769385c62a470d6f68f68f12063aab52d65b1289e807b2b6ae78465

SHA512
91e85e2410ee48b9637ff5a5e33393353695ef14388047fc3350d8bd472ed031760603401ece52650df08aa5286dd29cc7d4af6654e9825354d7e99397e3c712

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
34a57aee30ca057c61c73ebab410117f

SHA1
eaf72023e5346a733d57e0ddb9a1d42c2908f396

SHA256
d7373cca840e81a42a578a23392bcfdadc3129ea9f90fc9056a3266b1040a8a4

SHA512
e61ff556d129d5bc8ec16ab151fd10fbc8a2c2b238bbe3e7a6a89bfc3b08612c8ba8bfd2111adb0cb134503b9f85f6bfaf58915fbec220f4d9b3d243515cf077

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
41d15f39f0cdd9e1fb87b0905c5eef67

SHA1
c67f6e793d56fca48207002577aa5e5917e18ae0

SHA256
77a8aa315a9ac40f597fb28733669f40f4697f564402dcb8aa918540811add9b

SHA512
77f1f4872a7ba998f17ae9c272669419b8755c4876ff7a163fe236a62af748c13f7ff9c5850c7cd0d764b9b02583982f773e58ac24f6c543c34dbd50821a74b5

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
ce4864e7fb15c7c15472264a8f8cbe62

SHA1
84fcf636c709029a882d7193c9288d1d37d68262

SHA256
42c9c4687d7369395d5121db46ff708cbf18f623fc8c515e616307461e4c4d64

SHA512
b3f37b21a8fe9971776fb4d711c98ef9a6b8b225f779dcc94ceed892d05882eaf4306593473d52f7d6370d9f1286cc01756a07b3292398c1d88591e5f88b71d3

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
99b01f86a345233811cb34cf868c8534

SHA1
e483864dec47d5e3b71ba4b6ae15ed1579221bbf

SHA256
1151b9b4d907b845d6b7ca6d660494d9c39767094e0a90c0efe62d55f3906756

SHA512
665bdc5ddcdfeadf809b0b3cc6fc8927a272f79cee0032e09b083d2a21e8ffc1df96935f096d0df55aae0279eadf4ce740f608d1594a28e7046eb7bb8e0e09ab

Download Submit
memory/1004-0-0x00007FFE020E3000-0x00007FFE020E5000-memory.dmp

Filesize
8KB

Download
memory/1004-18-0x00007FFE020E0000-0x00007FFE02BA2000-memory.dmp

Filesize
10.8MB

Download
memory/1004-14-0x00000159A8B80000-0x00000159A8BB2000-memory.dmp

Filesize
200KB

Download
memory/1004-13-0x00000159A8B30000-0x00000159A8B7A000-memory.dmp

Filesize
296KB

Download
memory/1004-12-0x00007FFE020E0000-0x00007FFE02BA2000-memory.dmp

Filesize
10.8MB

Download
memory/1004-11-0x00007FFE020E0000-0x00007FFE02BA2000-memory.dmp

Filesize
10.8MB

Download
memory/1004-10-0x00007FFE020E0000-0x00007FFE02BA2000-memory.dmp

Filesize
10.8MB

Download
memory/1004-6-0x00000159A6630000-0x00000159A6652000-memory.dmp

Filesize
136KB

Download