Overview

overview

10

Static

static

3

Lee Text Tools.exe

windows10-2004-x64

10

Resubmissions

20-11-2024 21:18

241120-z5yzkayjcn 10

Analysis

  • max time kernel
    37s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-11-2024 21:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lee Text Tools.exe

  • Size

    935KB

  • MD5

    45c16f2c3c9f43bfaf3f4bbed777773a

  • SHA1

    9b4e4b6a6a79a3a668f63803d2a4d03a81589ad1

  • SHA256

    7f74247962c61d595001a2d02788e55290265ed177bc696802f6f4eca51e5796

  • SHA512

    7d7ae482968d38c98f947b87520817a6165148a3e66cf89352a96a4ed5d6d6ac6e8cfa843c819d711ef066df20195bfb93b571738519bc6751826fd7b9398538

  • SSDEEP

    24576:GkHfaEEJ40aLb49n5/hLEjaEEJ40aLb49n5/hgCFzwgy:GkHfaEEJ465/REjaEEJ465/9Zw1

Score
10/10
revengeratnyancatrevengediscoverypersistencetrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

amazon.capeturk.com:100

Mutex

eea5a83186824927836

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • Revengerat family
    revengerat
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lee Text Tools.exe
    "C:\Users\Admin\AppData\Local\Temp\Lee Text Tools.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4944
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:452
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4464
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4068
        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
          "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:824
    • C:\Users\Admin\AppData\Local\Temp\Lee Text Tools .exe
      "C:\Users\Admin\AppData\Local\Temp\Lee Text Tools .exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4128
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/LeeSoftware
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8d3046f8,0x7ffd8d304708,0x7ffd8d304718
          4⤵
            PID:4136
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
            4⤵
              PID:4604
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4560
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
              4⤵
                PID:4372
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                4⤵
                  PID:544
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                  4⤵
                    PID:1748
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                    4⤵
                      PID:3764
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
                      4⤵
                        PID:2612
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
                        4⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4284
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                        4⤵
                          PID:2640
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                          4⤵
                            PID:1648
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9767472848582445309,10939236407516534051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
                            4⤵
                              PID:4936
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2260
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2404

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Setup.exe.log
                            Filesize

                            408B

                            MD5

                            8e1e19a5abcce21f8a12921d6a2eeeee

                            SHA1

                            b5704368dfd8fc7aeafb15c23b69895e809fe20e

                            SHA256

                            22cf24d10cc11a9bb23268f18afbc8f3481c27e1feb4cb42ba5c8775e12720e3

                            SHA512

                            48365f858592d677ef5d0e2948f672234898e47a153eec32592a2e079353702a64e41e1aa59250f05bd690690b9edfb8455dfac90c6695fb7c0b6907a057fe78

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\svchost.exe.log
                            Filesize

                            588B

                            MD5

                            2f142977932b7837fa1cc70278e53361

                            SHA1

                            0a3212d221079671bfdeee176ad841e6f15904fc

                            SHA256

                            961ca2c0e803a7201adb3b656ed3abafc259d6d376e8ade66f0afff10a564820

                            SHA512

                            a25e45e41933902bcc0ea38b4daa64e96cbcd8900b446e1326cffb8c91eb1886b1e90686190bdba30d7014490001a732f91f2869bb9987c0213a8d798c7b3421

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            34d2c4f40f47672ecdf6f66fea242f4a

                            SHA1

                            4bcad62542aeb44cae38a907d8b5a8604115ada2

                            SHA256

                            b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

                            SHA512

                            50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            8749e21d9d0a17dac32d5aa2027f7a75

                            SHA1

                            a5d555f8b035c7938a4a864e89218c0402ab7cde

                            SHA256

                            915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

                            SHA512

                            c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            72B

                            MD5

                            510e172acffef73e013c84b192d354f7

                            SHA1

                            e4dd09808db530c57086ed12fa35691fb27f4f84

                            SHA256

                            3774e8a3e4b73d869b91f15d8ce59b41afb26b9d68547f48bc0b6ee64b8618af

                            SHA512

                            7efac7cdecea0a2729d6f8d6255fa9c0b58128fba6d90cd9c0086495f77f02b380d8947d1f2d8419068a3ea30f4c420d9d47821590aaeed96c7a7a29cb7a3f98

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            242B

                            MD5

                            e384a795d1e597feb0a5bebd13dcde50

                            SHA1

                            7ce66637789b61ae163c1de62dc996a99cdef796

                            SHA256

                            42a6ef02d02be95231cee980c97d4398ac167e7264a5cf838b3e3a2ad2a3380b

                            SHA512

                            36f58ca4b73ed5fdfd9b2557d09203189dc9cb3db29ee9716f89bb75a8f6d1c32cca67e597dfefb3b9074be0a024ba51ff40d8024439ccbb16d17316abc2215c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            0c841de7bb5a9d210c828a5f0e517d71

                            SHA1

                            f40d5520a859c443f915b2db23425e8a1007a0a0

                            SHA256

                            b1f5ec9b884daf4ad823932561342288508b7bd9d27f75a7f07c7ea0a65f85ec

                            SHA512

                            3c851a7c2a3105e19331553bb3433786f76635c1bb9d1e0191b61955754c31595709f0ae9c69553d448484b80d417976d0f110867ef52ebdeb71a41ef7d49d69

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            3baf19cf2fd93d208a20bfef0687056b

                            SHA1

                            b99e02a61e98db2f6b39eb2bb171f9da80173804

                            SHA256

                            d8b32fd847ccaa08d7566e0ac5d67f5d609e611492f3cdadf6d255ea68078772

                            SHA512

                            3e3ad19faf3ad0310218e4346893a3b3d03137672d99513dba6a9ed7c589ff716a77aa989518417bdaabe470e3a8e0069a7fa729bf93d179102f15e942dc267a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            cb2d6c94f95526f0570f5182d4f453ca

                            SHA1

                            91b82ab3e04eddd4bf6e7a3026cfa77b155227b3

                            SHA256

                            fe020aeb8bd5ca7998e7bfc570da43a2b3dd023e2f7dac71a5c10abf1a9a7f16

                            SHA512

                            5845f95e4575d333cd659a9ede45a07eb4173a308849d48e550c760795c9dabdd9de7917fdbb89abfa67cea76ab59e25442fda9c329b09a643cd8ad3f54184f5

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\Lee Text Tools .exe
                            Filesize

                            563KB

                            MD5

                            c6a289d6258169b171835ea60ab103eb

                            SHA1

                            ee3d99e430369f4487c411853f6ab0b74f6b2d85

                            SHA256

                            e3114f5d8ee3f633248221966a4cac29c6ea2423a264812ab52c4112b214e528

                            SHA512

                            8e0f2059455d27f3ad29e970b999d11d338b8fdf0a8e813e89d1d2d4a9b984279c32d1ee3c922a10dd162ea06574d33f405be86cabed502f9946a5aa5004a85d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\Setup.exe
                            Filesize

                            356KB

                            MD5

                            fa0b327abd82686bb9d676a30fa89b46

                            SHA1

                            a5521f5e8e500f67b183542ffad65b83ebcb186f

                            SHA256

                            d01728070486e1abbf024db0eeeacf232e02fe326c4c0b762af73f728fc9392d

                            SHA512

                            ead84a6cbe44be5cb213154cf11f8cbe7cc992563549201500f11cf770e3b57b02da027fc982b436f8eebbfa60088f4dad8e10de1086dbb5781b2b3da004790d

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
                            Filesize

                            63KB

                            MD5

                            d298454882caac154fc9217fc7e90499

                            SHA1

                            11970a2f8b9d1153fbc7fe925a846bd95e07e96f

                            SHA256

                            badaa2312457f3d08ca1f72287989456f9e62d6b417af6fb9b5e39ca1e8c8100

                            SHA512

                            e28a4d7c827b5c816503ddba4fee0bc82b16a0acb2eed9c81b20bb1b043d69b89cd3a1cf2beafb27a2471b6172f707d53e3c90568636b0c65e484e051dfde86f

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
                            Filesize

                            256KB

                            MD5

                            c4e4407b5fcf49586ddd5d5573ae4b95

                            SHA1

                            0f60aaaaac09d4f9273207114fcc78c0bfb250eb

                            SHA256

                            8f1e6eb0269fbe449678ce4863d494fda78bc648f27ad1c129270575efce4f7a

                            SHA512

                            95a89aae7f135b3355f2f0f751607742d8dfa5dfb04bf86cad0fff99d6c687a18a2f0be30d92a79d004cba49823c73f0208f40bb5e9cff3b26f72d1fe5f3d47b

                            Download Submit

                          • memory/824-86-0x0000000000F30000-0x0000000000F3A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/2644-26-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/2644-57-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/2644-19-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/2644-25-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/4128-58-0x0000000005A40000-0x0000000005A4A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/4128-55-0x0000000005D60000-0x0000000006304000-memory.dmp

                            Filesize

                            5.6MB

                            Download

                          • memory/4128-56-0x0000000005890000-0x0000000005922000-memory.dmp

                            Filesize

                            584KB

                            Download

                          • memory/4128-53-0x0000000000F40000-0x0000000000FD2000-memory.dmp

                            Filesize

                            584KB

                            Download

                          • memory/4464-61-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/4464-42-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/4944-0-0x00007FFD8F425000-0x00007FFD8F426000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4944-41-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/4944-13-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/4944-4-0x000000001C3E0000-0x000000001C47C000-memory.dmp

                            Filesize

                            624KB

                            Download

                          • memory/4944-3-0x000000001BE70000-0x000000001C33E000-memory.dmp

                            Filesize

                            4.8MB

                            Download

                          • memory/4944-2-0x00007FFD8F170000-0x00007FFD8FB11000-memory.dmp

                            Filesize

                            9.6MB

                            Download

                          • memory/4944-1-0x000000001B8A0000-0x000000001B946000-memory.dmp

                            Filesize

                            664KB

                            Download