Overview

overview

7

Static

static

3

Cosmic Binder.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    328s
  • max time network
    341s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/09/2024, 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cosmic Binder.exe

  • Size

    6.6MB

  • MD5

    0ad7298482f7528e1eb360b7110f05bd

  • SHA1

    a2a40d27d7f01d55878c5ee0450aebaf656ce3d0

  • SHA256

    482212ad374ebd572a44bb22e5e16a19843a281f0579e000c618f150bf1d20e8

  • SHA512

    2995396bc27d50e92ef44a23a32cb954022b328f4c5137f7f1cc54ad141f6fd3a99e7fbbd82a38876cb14bb9bd17962bb79d8346ba49177dd36b4233bdc4e215

  • SSDEEP

    196608:fKAxRJ675rL0y13he2qDbTbu/QjU5n2YPozziRR4pEXfTEok+lx8OH2qsmvy74Pg:L70h33he3Db81ozziRR4pEXfTEok+lxy

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cosmic Binder.exe
    "C:\Users\Admin\AppData\Local\Temp\Cosmic Binder.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3292
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C csc.exe /target:winexe /out:"C:\Users\Admin\AppData\Local\Temp\Testing.exe" /platform:anycpu /win32icon:"C:\Users\Admin\Downloads\DebugOpen.ico" /noconfig /res:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",CosmicBinder.Resources.File1.exe /res:"C:\Users\Admin\Desktop\SplitDeny.jpg",CosmicBinder.Resources.File2.jpg /r:Microsoft.VisualBasic.dll,System.Windows.Forms.dll,System.Linq.dll,System.dll,System.Core.dll,Microsoft.CSharp.dll,mscorlib.dll Program.cs
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4048
      • C:\Users\Admin\AppData\Local\Frameworkv3\csc.exe
        csc.exe /target:winexe /out:"C:\Users\Admin\AppData\Local\Temp\Testing.exe" /platform:anycpu /win32icon:"C:\Users\Admin\Downloads\DebugOpen.ico" /noconfig /res:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",CosmicBinder.Resources.File1.exe /res:"C:\Users\Admin\Desktop\SplitDeny.jpg",CosmicBinder.Resources.File2.jpg /r:Microsoft.VisualBasic.dll,System.Windows.Forms.dll,System.Linq.dll,System.dll,System.Core.dll,Microsoft.CSharp.dll,mscorlib.dll Program.cs
        3⤵
        • Executes dropped EXE
        PID:3856
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C csc.exe /target:winexe /out:"C:\Users\Admin\AppData\Local\Temp\Testing.exe" /platform:anycpu /win32icon:"C:\Users\Admin\Downloads\DebugOpen.ico" /noconfig /res:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",CosmicBinder.Resources.File1.exe /res:"C:\Users\Admin\Desktop\SplitDeny.jpg",CosmicBinder.Resources.File2.jpg /r:Microsoft.VisualBasic.dll,System.Windows.Forms.dll,System.Linq.dll,System.dll,System.Core.dll,Microsoft.CSharp.dll,mscorlib.dll Program.cs
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3568
      • C:\Users\Admin\AppData\Local\Frameworkv3\csc.exe
        csc.exe /target:winexe /out:"C:\Users\Admin\AppData\Local\Temp\Testing.exe" /platform:anycpu /win32icon:"C:\Users\Admin\Downloads\DebugOpen.ico" /noconfig /res:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",CosmicBinder.Resources.File1.exe /res:"C:\Users\Admin\Desktop\SplitDeny.jpg",CosmicBinder.Resources.File2.jpg /r:Microsoft.VisualBasic.dll,System.Windows.Forms.dll,System.Linq.dll,System.dll,System.Core.dll,Microsoft.CSharp.dll,mscorlib.dll Program.cs
        3⤵
        • Executes dropped EXE
        PID:4936
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C csc.exe /target:winexe /out:"C:\Users\Admin\AppData\Local\Temp\Testing.exe" /platform:anycpu /win32icon:"C:\Users\Admin\Downloads\DebugOpen.ico" /noconfig /res:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",CosmicBinder.Resources.File1.exe /res:"C:\Users\Admin\Desktop\SplitDeny.jpg",CosmicBinder.Resources.File2.jpg /r:Microsoft.VisualBasic.dll,System.Windows.Forms.dll,System.Linq.dll,System.dll,System.Core.dll,Microsoft.CSharp.dll,mscorlib.dll Program.cs
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:964
      • C:\Users\Admin\AppData\Local\Frameworkv3\csc.exe
        csc.exe /target:winexe /out:"C:\Users\Admin\AppData\Local\Temp\Testing.exe" /platform:anycpu /win32icon:"C:\Users\Admin\Downloads\DebugOpen.ico" /noconfig /res:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",CosmicBinder.Resources.File1.exe /res:"C:\Users\Admin\Desktop\SplitDeny.jpg",CosmicBinder.Resources.File2.jpg /r:Microsoft.VisualBasic.dll,System.Windows.Forms.dll,System.Linq.dll,System.dll,System.Core.dll,Microsoft.CSharp.dll,mscorlib.dll Program.cs
        3⤵
        • Executes dropped EXE
        PID:4636
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C csc.exe /target:winexe /out:"C:\Users\Admin\AppData\Local\Temp\Testing.exe" /platform:anycpu /win32icon:"C:\Users\Admin\Downloads\DebugOpen.ico" /noconfig /res:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",CosmicBinder.Resources.File1.exe /res:"C:\Users\Admin\Desktop\SplitDeny.jpg",CosmicBinder.Resources.File2.jpg /r:Microsoft.VisualBasic.dll,System.Windows.Forms.dll,System.Linq.dll,System.dll,System.Core.dll,Microsoft.CSharp.dll,mscorlib.dll Program.cs
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2468
      • C:\Users\Admin\AppData\Local\Frameworkv3\csc.exe
        csc.exe /target:winexe /out:"C:\Users\Admin\AppData\Local\Temp\Testing.exe" /platform:anycpu /win32icon:"C:\Users\Admin\Downloads\DebugOpen.ico" /noconfig /res:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",CosmicBinder.Resources.File1.exe /res:"C:\Users\Admin\Desktop\SplitDeny.jpg",CosmicBinder.Resources.File2.jpg /r:Microsoft.VisualBasic.dll,System.Windows.Forms.dll,System.Linq.dll,System.dll,System.Core.dll,Microsoft.CSharp.dll,mscorlib.dll Program.cs
        3⤵
        • Executes dropped EXE
        PID:2952
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
      PID:2292
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
      1⤵
      • System Location Discovery: System Language Discovery
      PID:1804
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
      1⤵
      • System Location Discovery: System Language Discovery
      PID:2708
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4464
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1020

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Frameworkv3\Microsoft.CSharp.dll
        Filesize

        47KB

        MD5

        89bc6b76061a8727c094612cadf2e1a7

        SHA1

        bdc2863619cf3cbc9b1ceba00e247af4ad5fbacc

        SHA256

        b1a71f9a5315bb3834d97fb479be6a095cdd74a1b20e132ded78f6e8013d0a89

        SHA512

        bd572fca635216c44bb35fba7a9dd83547a7246a873d7a63547a56d7cb599fac61142cb5b6e11a5e604457beca2ed63ae5be20475521cec34b8c4669be04f54b

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\Microsoft.CodeAnalysis.CSharp.dll
        Filesize

        6.3MB

        MD5

        5588bb1d28e085a18ad2d404628598e9

        SHA1

        4d8022c3cba88b5bb1a4f63eaa19e7dae549dd79

        SHA256

        3ec3495cd2ce822bdfc6b9c97d24f87a2b7d5393b29b828da8d96fe756cdca15

        SHA512

        ad333d42047f995727ffb90c9300e363208a98e9e9217aa89ea63cd7d3479c94e098af3ed29e9e5aa09b3df12a656307f08e23561bfd9973ba61591ccec92038

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\Microsoft.CodeAnalysis.dll
        Filesize

        4.4MB

        MD5

        535abe50557a55e144667dd5149fd0b9

        SHA1

        e00ac98232cf85e628b5044767316aff75e3f8c2

        SHA256

        528e969f2e696733b1e05cbb0a8f27c3cf7853ca737ff64c7ab13ceac1fdae83

        SHA512

        209a88dc3fe3a559d42b969e1b4e8e495d2e0029f081ee6c46880bc771dcb1c3edb5544b6e61d675b7bcc6b9090b9316ed3d624df78a003061f0fe59abc763c8

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\Microsoft.VisualBasic.dll
        Filesize

        137KB

        MD5

        5bebc401f866d7d4ba0d48dab43ff4a5

        SHA1

        4b74dbea90aa0776aa9c88801aa83144975c691e

        SHA256

        286d469a1e3e48eef69a2a0e7e1ca6d8101d9fc87302831e23a8085c3857bb04

        SHA512

        cd225b3c171ac4b24368e3b276c2e798a9bf184d3630278e660cb9569cc73a07a7f98cb706771591b1066bedea6e4d7c2b9fd661416d267e9f6c95c0e7dca8a5

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\Program.cs
        Filesize

        10KB

        MD5

        7fd35b3693d8d85871e806a19515023c

        SHA1

        64dcd0c01f9b3b4d1f98634273ceb842d107dd8c

        SHA256

        c4327ce10cf6b2b1366890ecb988d8dfe8a0bd597d8566426278339c74d8730a

        SHA512

        d735e7c4add829db8c157a87db1647ec34357d198b39b0215e7f3badfade5fe60f2b055351e8e62b8b20ecd81ac445e7b184d99c007911c70f1b2e03b45e7e2b

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Collections.Immutable.dll
        Filesize

        189KB

        MD5

        d96470eec1462cdc385bfcd024a5d91b

        SHA1

        9adeafc9c76e29c275f2070cde10e6f7597cace0

        SHA256

        69e57ac412200e47fe7b5f933a30c594e1fc1517498c88920aabc702f5ea00a7

        SHA512

        99737518ea853669e06691bce59fd6bd12668a07949ac8c77a2b062c3dc4077c3ff47c3a621b117e0fa7d0426aef5e5b663f1db7991381f9b1ad178946e39eec

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Core.dll
        Filesize

        229KB

        MD5

        73ce65904aaa5243bc10d5db94ad85d9

        SHA1

        7811617cd99d8ad5cb693c78527c4ff85682b7d1

        SHA256

        945ed694b31770c40e3471884714ffde19bf4031e6d9c95645c267422034ed67

        SHA512

        1bc7bcfe4e317816f5cec6bc37003af4823f67ae44e98d4aa3d773b6c7827ddca13746b0a6c739565045e255196a48f3d98ba0283f6d6b95ff6b7f05938c1668

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Linq.dll
        Filesize

        21KB

        MD5

        c80e6fd71843c5d293fbf61aabc202bf

        SHA1

        5bb086feaec6619f80ec9e53b3dc509850cdb6f5

        SHA256

        0bb25f3082f5ee96db78063e7d21aa67e529aab27d46006e41ca64d8873613ae

        SHA512

        f7b418fbdb30414b0de1c7a5c3a77d92640330ed8951d13632eeefa965bc9dc2151020881024a64b97d582d9a5a393b5eda6190f9782b31f7e09c58519c4f867

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Memory.dll
        Filesize

        137KB

        MD5

        6fb95a357a3f7e88ade5c1629e2801f8

        SHA1

        19bf79600b716523b5317b9a7b68760ae5d55741

        SHA256

        8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7

        SHA512

        293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Numerics.Vectors.dll
        Filesize

        113KB

        MD5

        aaa2cbf14e06e9d3586d8a4ed455db33

        SHA1

        3d216458740ad5cb05bc5f7c3491cde44a1e5df0

        SHA256

        1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

        SHA512

        0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Reflection.Metadata.dll
        Filesize

        451KB

        MD5

        c4ea65bd802f1ccd3ea2ad1841fd85c2

        SHA1

        2364d6dd5dd3b566e06e6b1dc960533d2b3017b7

        SHA256

        46451e1168dd11d450aa9b6119f17cec9a70928a40ac3c752abf61ce809cba6f

        SHA512

        fc4c18ea6a6f38d8c4b4f2e02d3d077cc729b531ca08cf9602c65e22aadc0be770e441660cc980cbfed3b27bd783e65f793838532673e2845276390b4b22d730

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Runtime.CompilerServices.Unsafe.dll
        Filesize

        17KB

        MD5

        c610e828b54001574d86dd2ed730e392

        SHA1

        180a7baafbc820a838bbaca434032d9d33cceebe

        SHA256

        37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

        SHA512

        441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Text.Encoding.CodePages.dll
        Filesize

        744KB

        MD5

        4c12c76415a3d8af9c3cbcf0a3cb52dd

        SHA1

        b6a5ebf42211fdabcf377ec2018b6b9a14a99761

        SHA256

        87f7f43626cac445a9cbacda4068c51c0b17b6af6e6b752ff613668c21e49412

        SHA512

        e01ea56118437f54068375b3472ea611e865888f932ec5a21d2c8049d7e398713152fd69b674723fed87ee23ba7939895b3d5b5bee690b13c00428f884b9f116

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.Windows.Forms.dll
        Filesize

        1.4MB

        MD5

        869972844b903ea5b632df1aea367fd3

        SHA1

        c726f113374dee7afdab0ee76b0ee20c01b46b88

        SHA256

        0811e1e938d66a35c1f03c3e8a08ab53b822d18f67ed0ae64a868294a23872c2

        SHA512

        81e04a3e127084d565a5c3df21db4899479c2d5860d594b16195a93889460fce2c412c763d232c901d88fdf503e8e044d25fa4f23e4b1420cf9c06a9e6f3899e

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\System.dll
        Filesize

        1.4MB

        MD5

        3ec3060a5c3f8b31a5a330941a2a6e8c

        SHA1

        8cc424c2552fb77fb26e31c69fc29f9c4b91a442

        SHA256

        8186c61afa8e04ca6d1ac79d4f5407779b76c42728603e85f2aef9d1d6d49d91

        SHA512

        865e7581fe70b4bfba75655029dc223ac1c0e21a55b4a1861495e2ed2e4bee4aa00525d37c5af70fa661f6406486d0956330fcafadb01b97891073cb70f3e8e0

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\csc.exe
        Filesize

        58KB

        MD5

        ce02a95034e40f164cedd6f099d07425

        SHA1

        77b750f4bd494111949f8c6a21015fd4639f04db

        SHA256

        3525196b868a6604de3c6ee7de44d44b6c5dde8f3a27cd8e409084bf628358b5

        SHA512

        7153635fc7e1e30f67b46ca8e66499a87dcb63fe3d73a8b4624b2fd648913359061d61d2481310f7e4bf2dbddd63ce6a1fc9b693baf3e771898bb883a2e835b1

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\csc.exe.config
        Filesize

        4KB

        MD5

        efe5a22122f012f37c2b66b4b5c606d1

        SHA1

        b5418dd53b7b85686554532aa5cae79e98cf909c

        SHA256

        1ac8e21d7d9f184691cde0998afb95676b5eb324c33813ab15f46332b2530a4f

        SHA512

        b10a4d6fba4f88dae851602d5aac5dd549525f9cc593def4640c912eee15644af45f2034b83e8509524012132f8e73e80f36170728884928e60c03e85cff3349

        Download Submit

      • C:\Users\Admin\AppData\Local\Frameworkv3\mscorlib.dll
        Filesize

        2.4MB

        MD5

        040a15db912985dd0d70abde6a11cde7

        SHA1

        b57ba3e3ef0c1941912c6f9a74f3a1970911c81e

        SHA256

        1c627a1181fde179d9796ce2475dab52841ca8148224e92d60271da46cff0ccb

        SHA512

        01073e170913c16f06b3098aa8e06d7ba678c907d3cbd9fceee7fde9e53c5a25367271eca3c4347fa8d6c0d4313110885bb9c34f08d19ae040a6670dd22bcd3a

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\csc.exe.log
        Filesize

        902B

        MD5

        3cccd7ec7ce4bec48e9d44837c72369c

        SHA1

        58bed2fc18b511696ff97b41dae9323d36b07bea

        SHA256

        3158e10bb178e677f4b47fe0bc7d349cc49011905bab02f5b3b9e58574e6bba3

        SHA512

        6288a844621e95c9672a1349574fc186614ec5daa25059fde1a42323ea2812a026ea82d00cd022fa3fb51489db62d37a8cf6801e648b2e3fe957603e9444ee68

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
        Filesize

        10KB

        MD5

        cd6829f53a60318a54648f4ff9d694c2

        SHA1

        eda672c23f219a9cdbe740079412f5fbe04a157d

        SHA256

        5410184dfd5ef071de14c78cc7e9488049a85e313a3454250d53e974251ac906

        SHA512

        25a54ac013419868211b704a9b1f4cbc7c0a5b1a0e10cec09cd8eee3fbde7497e36c8e35f0506622eb9a47939c2c6b9590bf9bbf8d43508be13d7f85f7838ec9

        Download Submit

      • memory/3292-14-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-2-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-40-0x000000000C670000-0x000000000C682000-memory.dmp

        Filesize

        72KB

        Download

      • memory/3292-28-0x0000000040000000-0x000000004033B000-memory.dmp

        Filesize

        3.2MB

        Download

      • memory/3292-18-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-208-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-17-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-16-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-1-0x00000000000B0000-0x0000000000750000-memory.dmp

        Filesize

        6.6MB

        Download

      • memory/3292-15-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-39-0x0000000007770000-0x000000000777A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3292-10-0x0000000009900000-0x0000000009910000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3292-3-0x0000000005830000-0x0000000005DD6000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3292-0-0x00000000748FE000-0x00000000748FF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3292-4-0x0000000005320000-0x00000000053B2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/3292-13-0x00000000748FE000-0x00000000748FF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3292-5-0x0000000005280000-0x000000000528A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3292-12-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-11-0x0000000004BF0000-0x0000000004C94000-memory.dmp

        Filesize

        656KB

        Download

      • memory/3292-6-0x00000000054B0000-0x0000000005570000-memory.dmp

        Filesize

        768KB

        Download

      • memory/3292-7-0x00000000748F0000-0x00000000750A1000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3292-8-0x00000000083F0000-0x0000000008E4A000-memory.dmp

        Filesize

        10.4MB

        Download

      • memory/3292-9-0x00000000098F0000-0x00000000098FA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3856-138-0x000001EE0FCB0000-0x000001EE0FCCA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3856-153-0x000001EF30AB0000-0x000001EF30ACE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/3856-150-0x000001EF309B0000-0x000001EF309B8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3856-144-0x000001EF30A10000-0x000001EF30A36000-memory.dmp

        Filesize

        152KB

        Download

      • memory/3856-149-0x000001EF30D00000-0x000001EF30D08000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3856-148-0x000001EF30BB0000-0x000001EF30C26000-memory.dmp

        Filesize

        472KB

        Download

      • memory/3856-146-0x000001EE0FCA0000-0x000001EE0FCA8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3856-142-0x000001EF30AD0000-0x000001EF30B8E000-memory.dmp

        Filesize

        760KB

        Download

      • memory/3856-137-0x000001EF318C0000-0x000001EF31F08000-memory.dmp

        Filesize

        6.3MB

        Download

      • memory/3856-140-0x000001EF309D0000-0x000001EF30A02000-memory.dmp

        Filesize

        200KB

        Download

      • memory/3856-161-0x000001EF30C60000-0x000001EF30C82000-memory.dmp

        Filesize

        136KB

        Download

      • memory/3856-162-0x000001EF30AA0000-0x000001EF30AA8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3856-135-0x000001EF30E00000-0x000001EF31270000-memory.dmp

        Filesize

        4.4MB

        Download

      • memory/3856-133-0x000001EE0DF20000-0x000001EE0DF32000-memory.dmp

        Filesize

        72KB

        Download