Overview

overview

10

Static

static

3

gdfgd.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/09/2024, 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gdfgd.exe

  • Size

    7KB

  • MD5

    1f5b2d7d10cea24fdcc4853d35bd7ad0

  • SHA1

    fe8eb81e545b47f43a506e1eccb6264efb8238ae

  • SHA256

    70a91811ab0373e2b51074a2adc35985725d4b49fa9d46fd982ea7d442a8453b

  • SHA512

    62daade896967e9a30990b4ae522df3bf7da8a394ae02c521fcdfa80b87dcd22ad163af83572faa39601a4543610034e5d3e25c48581886023eb011ff2190aab

  • SSDEEP

    96:+6b1QzMf6oX+J1m+uLx5inmF79RfYPVt9e7IiT7l/TBYzNto:+k6oWBMx5imt9Rf77DB7B6u

Score
10/10
spywarestealer

Malware Config

Signatures

  • Contains code to disable Windows Defender 2 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 36 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gdfgd.exe
    "C:\Users\Admin\AppData\Local\Temp\gdfgd.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Users\Admin\AppData\Roaming\ms-content.com
      "C:\Users\Admin\AppData\Roaming\ms-content.com"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4992
      • C:\Users\Admin\AppData\Roaming\ms-content.com
        "C:\Users\Admin\AppData\Roaming\ms-content.com" i
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1776
        • C:\Windows\System32\taskkill.exe
          "C:\Windows\System32\taskkill.exe" /pid 596 /f
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4808
    • C:\Users\Admin\AppData\Roaming\ms-content.com
      "C:\Users\Admin\AppData\Roaming\ms-content.com"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:596
      • C:\Users\Admin\AppData\Roaming\ms-content.com
        "C:\Users\Admin\AppData\Roaming\ms-content.com" i
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4756
        • C:\Windows\System32\taskkill.exe
          "C:\Windows\System32\taskkill.exe" /pid 1776 /f
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:380
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:748
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:3236
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4828
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3108
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4660
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:3052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ms-content.com.log
    Filesize

    636B

    MD5

    d22c33a3f9224a584d6c3308c0d0b828

    SHA1

    255ff30b4c7d923eac88e67f4465674f2541a083

    SHA256

    af6e56255d593837a4239f8595722408d94bb725273689c4f2641b2173e9369c

    SHA512

    6a3e0d8c958d735c8ed90ecb05f005d2112da2116814fed5662e3fe9613b39f908b9f7a6f5d5b1c5025830934ef94072a25d7ea5f9b7ad01afd9b5d324dc6ee3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OG47L2J5\dyn-goal-config[1].js
    Filesize

    3KB

    MD5

    e3635e7b735940ba60629e73f5136026

    SHA1

    9cb53ecc9e370f27adacdf522f47688a9a0590e6

    SHA256

    0e7e3045519beaff2095d4a64b8dfb1b581013eb5b8f4b3549983c69abe7139b

    SHA512

    fe65a2043d22e0b11bad462ca623f20caa6effa160c4496c2f8848c3d7b0c5aff5c4618186e495fea33ff07ba894462fc3362242ca86dbffd1109604a55acb17

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OG47L2J5\sync-loader[1].js
    Filesize

    150KB

    MD5

    cc1cd27dcfc059f376856cff570c367d

    SHA1

    e8a75b8535bd90ee20e740678ab9b6c424bc2bf4

    SHA256

    50a0e67fda5042b08e0473f15a1b01be5618e8a10ee417e6c4eb33430157c8db

    SHA512

    f71a51cadab428d26aa641b3ad08ea57ca992bbceee337fd7df33d6b6043d55ef255860994e8f5a93748e75597370f19ab3acedda29ecef9496c6f09dc0e441a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VTQJGK72\802AF1[1].css
    Filesize

    26KB

    MD5

    e2dfb8a3aa42baac8d4f0d921371bc12

    SHA1

    4b802af1b5aece7b5cdaf722fcce226727b84208

    SHA256

    f2151fc072e9b80cb534373384fae30ecd45e7f9357829dd17132b1cd51293a4

    SHA512

    79e6e78c8647234243be3ba3c912f182ed61bfd03f9c542b5becac809f80ba82007f42b05ed3f2c8625247a286c2bdb11e230a315b36764d3e4f22f22368c07e

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VTQJGK72\bulkstat[1].gif
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YGWDMITP\code[1].js
    Filesize

    45KB

    MD5

    cb15388be80f1a0553d49ceaf5b65b65

    SHA1

    fa14751deecc523aabb68aa696ae31ba249b3e63

    SHA256

    557f3d629cbf8c40716f4c9d7c0147dc3f904ab7bc90b75b43bdf46ff79aad51

    SHA512

    e5ac7392e3e1cc5580ff84f1971df3e7f3ef25e544eba7271ab7b694c814512698f79b8350c24fffa0c8007deb65647ecc9e938961686457bf4ec20f910523f2

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YGWDMITP\tracker[1].gif
    Filesize

    43B

    MD5

    9bb191c6827273aa978cab39a3587950

    SHA1

    25d8043336eb799e52b1a0e15ff6b95e09c24e35

    SHA256

    24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

    SHA512

    c3970b9a8dc9b424528274e8d22d21e9990ce956aede61cba13de8d7832a8c896eaf1032662a78e95980ea013090cd4406f32604da3c6f557aa136842d04324d

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0ZJQ3TX4\otvet.mail[1].xml
    Filesize

    394B

    MD5

    712fb70e0f8822ba34bca2b9dfc8b46a

    SHA1

    63506d3418fc9cbfa3d57bad26dce5e7158fd623

    SHA256

    193e54186b5db7ecf05969020f1974d8974f0a45f7fdb03d518db2789c965518

    SHA512

    6c0e503e66f09d6594714f96e07a99866a333330db5bc07284f790ab556106d63676fa3d792e9e0cd9a4539d533387118b29b819d45c0cdf31cb8cd4beae51d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0ZJQ3TX4\otvet.mail[1].xml
    Filesize

    738B

    MD5

    2aaa79451efc65913008ae0190a8a7c1

    SHA1

    bfb276f790a88ce025032860a029381a19723eb9

    SHA256

    d79ee5ecb5d4de57f4773d1b0f0b5f6fa2c6ad4f5468912e436f902d95fabb79

    SHA512

    e0ec3fdf3f7fc357470e8c56e11036ff3706640b36f58180ac5310f0952ab5004538505d5b2089b8cbd7828fd90985bef3edc1f2043ca27a714c8dc25ab44412

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0ZJQ3TX4\otvet.mail[1].xml
    Filesize

    3KB

    MD5

    5a98bc2241eaf8e7f4c27aa491ca5f53

    SHA1

    71637b7ff6a8244a0b951303fdb283dad6bb1011

    SHA256

    f23dad4dd2ac5f796fba40fb33d07cc545ba56e67427ba8445ed5dc641e46ab3

    SHA512

    b40bc0d9f2c04533e06299133b3bb992def4499c064be8ace3f24f219e4b2fbcabd537bbe7a17bc90db30859b92705f3438726df2bc382e0b5fef1a2965c40d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0ZJQ3TX4\otvet.mail[1].xml
    Filesize

    3KB

    MD5

    92ca7ad93883395bddbac55837217e2e

    SHA1

    2ba8d39344b5f1b68186df96f7a93a50dfbf545d

    SHA256

    1f7723991c921412283b831f2ba096bc63944202ab42fedb12b0344a896b8481

    SHA512

    72e9dfdae46b1414fb331a3848bf572d8bdc95c925c3f866a785eca6ff24944217993f8d86fca177ba815891d233f48f57e288e38bcc650ce553e09510348ac6

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0ZJQ3TX4\otvet.mail[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0ZJQ3TX4\otvet.mail[1].xml
    Filesize

    270B

    MD5

    7be1c5714a86fa72c0d4f50e1eed741b

    SHA1

    ce52471405815fe1e215699f226babc64e5f8eca

    SHA256

    70a7447dcbbdac492b45727a1696a3d57b006a0c595c29256af7c97bbed0dbad

    SHA512

    2004eb2d8e61493a7f00551e595ad7ec9a8a70b115587021781625e779b6ca52b2ea3fafd30597b13db39d6fb63962179f859d1193c01e34263d05c4c462863a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0ZJQ3TX4\otvet.mail[1].xml
    Filesize

    270B

    MD5

    36a551957ebc3050dcdcf07b00ce1620

    SHA1

    b5496684377c2859508215fdad29e5ed43071457

    SHA256

    251f81baee28472ec6fe1de8526082dda5a05dcf3832c55936b7c07662294ca6

    SHA512

    5ec7fb204c524eea303ff3e0758198ee993d730508bd392d3451840375e0059b9a18a8a514da6f6d2a6c38374cf324ed6559928c8f367eb181218c53b895f0ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0ZJQ3TX4\otvet.mail[1].xml
    Filesize

    270B

    MD5

    76ecba91cad041af362f6efd4950df3c

    SHA1

    ae2b087aadf1ca59f7bdffdf67ce705206c69e91

    SHA256

    f06c4c4ce5de2a951d94cdaed00cbda63c0e6196d258858398b12bd4ce8927bf

    SHA512

    03eca71cc04399b708255b3ad5a277492ca90c7d460a3f18e939ac1fc726edfcc7f5d31a3239decd5ff9d9fb29946915fa30ba65030e39631065d9427b87ac7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P25NBSGP\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SWI8KNW7\favicon-16[1].png
    Filesize

    522B

    MD5

    1db6c27220eef547af8cbe9df6121634

    SHA1

    00c29abbbf3dc7c324cc3b92d983e9538b887bb2

    SHA256

    c39fbad75722d1e4b3840295b22e621c419c71f6c84158778fd738156fb7e88b

    SHA512

    6b16ae48b1bf2dfe981e282bfbe317bd063f3b9847dd2c5ff1b066b7fcc1423ee134e43e95776e35397a57c63f0a93cf88b0a7394f239ac696b5f574f9183ce0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ms-content.com
    Filesize

    2.6MB

    MD5

    a5bec9b60cd99151c0f4eb75e131f15d

    SHA1

    b1db50581699ec8837b9ec7869cdc1fcee2fbf73

    SHA256

    42bd5eda82ee90e2fd49b3c0b6c627f01b778c1ea55c56e8f107cd2592e95eca

    SHA512

    3d2d1e2e6b7e672c827bb2eeaa706c881d186a076fce6bf9a9f53dc19b013bb32f0ca0be4f40482ca2b81ff162a4de9bc686a7580fd2cc80fa168cedae6083de

    Download Submit

  • memory/748-133-0x0000022F04EF0000-0x0000022F04EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/748-59-0x0000022F7DB20000-0x0000022F7DB30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-43-0x0000022F7DA20000-0x0000022F7DA30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-78-0x0000022F7AEA0000-0x0000022F7AEA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/748-134-0x0000022F053B0000-0x0000022F053B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1776-22-0x00000287D28E0000-0x00000287D2A36000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1776-21-0x00000287D2800000-0x00000287D28E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1776-20-0x00000287D2750000-0x00000287D2802000-memory.dmp

    Filesize

    712KB

    Download

  • memory/3108-88-0x0000021E38400000-0x0000021E38500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3152-2-0x00007FFC012B0000-0x00007FFC01C9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3152-1-0x0000000000F90000-0x0000000000F98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3152-18-0x00007FFC012B0000-0x00007FFC01C9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3152-0-0x00007FFC012B3000-0x00007FFC012B4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4660-107-0x000001FDB4AC0000-0x000001FDB4AC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-269-0x000001FDB54E0000-0x000001FDB54E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-116-0x000001FDB52A0000-0x000001FDB52A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-112-0x000001FDB50C0000-0x000001FDB50C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-110-0x000001FDB4AF0000-0x000001FDB4AF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-118-0x000001FDB52C0000-0x000001FDB52C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-106-0x000001FDA1E00000-0x000001FDA1F00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4660-446-0x000001FDB61B0000-0x000001FDB61D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4660-449-0x000001FDB6210000-0x000001FDB6230000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4660-142-0x000001FDB56B0000-0x000001FDB56B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-148-0x000001FDB4F10000-0x000001FDB4F12000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-150-0x000001FDB5F40000-0x000001FDB5F60000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4660-177-0x000001FDB5E00000-0x000001FDB5F00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4660-239-0x000001FDB7720000-0x000001FDB7740000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4660-448-0x000001FDB61B0000-0x000001FDB61D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4660-264-0x000001FDB7600000-0x000001FDB7700000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4660-271-0x000001FDB54F0000-0x000001FDB54F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-275-0x000001FDB62B0000-0x000001FDB62B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-273-0x000001FDB6290000-0x000001FDB6292000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-114-0x000001FDB50E0000-0x000001FDB50E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-295-0x000001FDB5230000-0x000001FDB5232000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4660-292-0x000001FDB5210000-0x000001FDB5212000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4756-26-0x00000285CE5A0000-0x00000285CE5E2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4756-28-0x00000285CE610000-0x00000285CE624000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4756-36-0x00000285CE670000-0x00000285CE67C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4756-41-0x00000285CEA10000-0x00000285CEA52000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4756-42-0x00000285CEA50000-0x00000285CEA92000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4756-30-0x00000285CE650000-0x00000285CE658000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4756-29-0x00000285CE620000-0x00000285CE63C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4756-25-0x00000285CE590000-0x00000285CE59A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4756-32-0x00000285CE6E0000-0x00000285CE702000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4756-33-0x00000285CE640000-0x00000285CE650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4756-27-0x00000285CE5E0000-0x00000285CE608000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4756-24-0x00000285CDF90000-0x00000285CDF9A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4756-23-0x00000285CE4C0000-0x00000285CE592000-memory.dmp

    Filesize

    840KB

    Download

  • memory/4992-14-0x00007FFC012B0000-0x00007FFC01C9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/4992-11-0x00007FFC012B0000-0x00007FFC01C9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/4992-9-0x000001F8C4510000-0x000001F8C451A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4992-10-0x00007FFC012B0000-0x00007FFC01C9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/4992-8-0x000001F8C3EE0000-0x000001F8C418A000-memory.dmp

    Filesize

    2.7MB

    Download