adwind | 4b2d4d21b5df75339eb821f2e50855c273fdd0ef36f258bf7cd879cb47e5f019

Resubmissions

17/01/2025, 17:52

250117-wfrx6sypgl 10

17/01/2025, 17:44

250117-wa5xvayjcv 10

22/09/2024, 11:10

240922-m9p61awgjr 10

Analysis

max time kernel
347s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/01/2025, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b2d4d21b5df75339eb821f2e50855c273fdd0ef36f258bf7cd879cb47e5f019.jar
Size

570KB
MD5

31f90d8a8a473074bfeef7972d5a39b2
SHA1

083a3c0e8c33f1ea8d0f59f76e8e82a6871aebdd
SHA256

4b2d4d21b5df75339eb821f2e50855c273fdd0ef36f258bf7cd879cb47e5f019
SHA512

bc8abbfba825303e38ed4a29d72af2a1f6d54592a14e53807defb0d24326ab540645e7b69f4fe5b79e9e3bb4dc10e5fda0281e852443700feea512db7654dc68
SSDEEP

12288:JME6KYOW/U7JA1T7hyiGuwtjXOi8KyI/qroUIRMZNmkq0pT8Kiy4:3YOAU1A1pULOi8Ky4qrohMZNuET8D

Score

10^/10

adwind trojan

Malware Config

Signatures

AdWind
A Java-based RAT family operated as malware-as-a-service.
trojan adwind
Adwind family
adwind

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\test.txt	java.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1692	NOTEPAD.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4724	java.exe
4364	java.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 4364	4724	java.exe	84
PID 4724 wrote to memory of 4364	4724	java.exe	84
PID 4724 wrote to memory of 2276	4724	java.exe	86
PID 4724 wrote to memory of 2276	4724	java.exe	86
PID 4364 wrote to memory of 660	4364	java.exe	88
PID 4364 wrote to memory of 660	4364	java.exe	88
PID 2276 wrote to memory of 1256	2276	cmd.exe	90
PID 2276 wrote to memory of 1256	2276	cmd.exe	90
PID 660 wrote to memory of 2268	660	cmd.exe	91
PID 660 wrote to memory of 2268	660	cmd.exe	91
PID 4364 wrote to memory of 2220	4364	java.exe	92
PID 4364 wrote to memory of 2220	4364	java.exe	92
PID 4724 wrote to memory of 2148	4724	java.exe	93
PID 4724 wrote to memory of 2148	4724	java.exe	93
PID 2220 wrote to memory of 2000	2220	cmd.exe	96
PID 2220 wrote to memory of 2000	2220	cmd.exe	96
PID 2148 wrote to memory of 756	2148	cmd.exe	97
PID 2148 wrote to memory of 756	2148	cmd.exe	97
PID 4364 wrote to memory of 4664	4364	java.exe	98
PID 4364 wrote to memory of 4664	4364	java.exe	98
PID 4724 wrote to memory of 3936	4724	java.exe	100
PID 4724 wrote to memory of 3936	4724	java.exe	100
PID 4364 wrote to memory of 4072	4364	java.exe	103
PID 4364 wrote to memory of 4072	4364	java.exe	103

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\4b2d4d21b5df75339eb821f2e50855c273fdd0ef36f258bf7cd879cb47e5f019.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.214561063066382783090974922902725050.class
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4364
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive3837936604724126512.vbs
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:660
  - - C:\Windows\system32\cscript.exe
      cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive3837936604724126512.vbs
      4⤵
      PID:2268
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive1528991446176259801.vbs
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Windows\system32\cscript.exe
      cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive1528991446176259801.vbs
      4⤵
      PID:2000
- - C:\Windows\SYSTEM32\xcopy.exe
    xcopy "C:\Program Files\Java\jre-1.8" "C:\Users\Admin\AppData\Roaming\Oracle\" /e
    3⤵
    PID:4664
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe
    3⤵
    PID:4072
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive8531634722866465990.vbs
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Windows\system32\cscript.exe
    cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive8531634722866465990.vbs
    3⤵
    PID:1256
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive6699505213238038735.vbs
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Windows\system32\cscript.exe
    cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive6699505213238038735.vbs
    3⤵
    PID:756
- C:\Windows\SYSTEM32\xcopy.exe
  xcopy "C:\Program Files\Java\jre-1.8" "C:\Users\Admin\AppData\Roaming\Oracle\" /e
  2⤵
  PID:3936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4320

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log
1⤵
- Opens file in notepad (likely ransom note)
PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
d9263d62860f91ccd08a3d64cff92e78

SHA1
39ab019c19b9a0934f816038fb9a1898670d8ed7

SHA256
a94fbf550871161295575d9b607b8ac4f4e7eb534e171583358420b65d84760f

SHA512
e9e4e150cf759facd2920d3b8f5f4ae9f811da3764b7d290f52c0a7ed0318a10ba5b625ad580fe6af1d9dcc374a702502794cb843521a513146b21040595b0ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Retrive3837936604724126512.vbs

Filesize
276B

MD5
3bdfd33017806b85949b6faa7d4b98e4

SHA1
f92844fee69ef98db6e68931adfaa9a0a0f8ce66

SHA256
9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6

SHA512
ae5e5686ae71edef53e71cd842cb6799e4383b9c238a5c361b81647efa128d2fedf3bf464997771b5b0c47a058fecae7829aeedcd098c80a11008581e5781429

Download Submit
C:\Users\Admin\AppData\Local\Temp\Retrive6699505213238038735.vbs

Filesize
281B

MD5
a32c109297ed1ca155598cd295c26611

SHA1
dc4a1fdbaad15ddd6fe22d3907c6b03727b71510

SHA256
45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7

SHA512
70372552dc86fe02ece9fe3b7721463f80be07a34126b2c75b41e30078cda9e90744c7d644df623f63d4fb985482e345b3351c4d3da873162152c67fc6ecc887

Download Submit
C:\Users\Admin\AppData\Local\Temp\_0.214561063066382783090974922902725050.class

Filesize
241KB

MD5
781fb531354d6f291f1ccab48da6d39f

SHA1
9ce4518ebcb5be6d1f0b5477fa00c26860fe9a68

SHA256
97d585b6aff62fb4e43e7e6a5f816dcd7a14be11a88b109a9ba9e8cd4c456eb9

SHA512
3e6630f5feb4a3eb1dac7e9125ce14b1a2a45d7415cf44cea42bc51b2a9aa37169ee4a4c36c888c8f2696e7d6e298e2ad7b2f4c22868aaa5948210eb7db220d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3350944739-639801879-157714471-1000\83aa4cc77f591dfc2374580bbd95f6ba_dd2803c7-d377-4f06-bdfe-aea230fc7b0e

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\bin\plugin2\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\bin\plugin2\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\bin\plugin2\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\deploy\messages_zh_TW.properties

Filesize
3KB

MD5
880baacb176553deab39edbe4b74380d

SHA1
37a57aad121c14c25e149206179728fa62203bf0

SHA256
ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620

SHA512
3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
memory/4364-107-0x0000013C9CAD0000-0x0000013C9CAE0000-memory.dmp

Filesize
64KB

Download
memory/4364-108-0x0000013C9CAE0000-0x0000013C9CAF0000-memory.dmp

Filesize
64KB

Download
memory/4364-1082-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-1081-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-1055-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-1046-0x0000013C9CB40000-0x0000013C9CB50000-memory.dmp

Filesize
64KB

Download
memory/4364-59-0x0000013C9C800000-0x0000013C9CA70000-memory.dmp

Filesize
2.4MB

Download
memory/4364-1047-0x0000013C9CB50000-0x0000013C9CB60000-memory.dmp

Filesize
64KB

Download
memory/4364-1045-0x0000013C9CB30000-0x0000013C9CB40000-memory.dmp

Filesize
64KB

Download
memory/4364-1044-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-1043-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-1042-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-1037-0x0000013C9CB10000-0x0000013C9CB20000-memory.dmp

Filesize
64KB

Download
memory/4364-80-0x0000013C9CA90000-0x0000013C9CAA0000-memory.dmp

Filesize
64KB

Download
memory/4364-1038-0x0000013C9CB20000-0x0000013C9CB30000-memory.dmp

Filesize
64KB

Download
memory/4364-77-0x0000013C9CA80000-0x0000013C9CA90000-memory.dmp

Filesize
64KB

Download
memory/4364-1030-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-137-0x0000013C9CB00000-0x0000013C9CB10000-memory.dmp

Filesize
64KB

Download
memory/4364-21-0x0000013C9C800000-0x0000013C9CA70000-memory.dmp

Filesize
2.4MB

Download
memory/4364-593-0x0000013C9CAF0000-0x0000013C9CB00000-memory.dmp

Filesize
64KB

Download
memory/4364-73-0x0000013C9CA70000-0x0000013C9CA80000-memory.dmp

Filesize
64KB

Download
memory/4364-415-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-143-0x0000013C9CB10000-0x0000013C9CB20000-memory.dmp

Filesize
64KB

Download
memory/4364-145-0x0000013C9CAB0000-0x0000013C9CAC0000-memory.dmp

Filesize
64KB

Download
memory/4364-146-0x0000013C9CAC0000-0x0000013C9CAD0000-memory.dmp

Filesize
64KB

Download
memory/4364-151-0x0000013C9CB30000-0x0000013C9CB40000-memory.dmp

Filesize
64KB

Download
memory/4364-93-0x0000013C9CAA0000-0x0000013C9CAB0000-memory.dmp

Filesize
64KB

Download
memory/4364-152-0x0000013C9CB40000-0x0000013C9CB50000-memory.dmp

Filesize
64KB

Download
memory/4364-153-0x0000013C9CB50000-0x0000013C9CB60000-memory.dmp

Filesize
64KB

Download
memory/4364-154-0x0000013C9CAD0000-0x0000013C9CAE0000-memory.dmp

Filesize
64KB

Download
memory/4364-155-0x0000013C9CAE0000-0x0000013C9CAF0000-memory.dmp

Filesize
64KB

Download
memory/4364-96-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-100-0x0000013C9CAC0000-0x0000013C9CAD0000-memory.dmp

Filesize
64KB

Download
memory/4364-99-0x0000013C9CAB0000-0x0000013C9CAC0000-memory.dmp

Filesize
64KB

Download
memory/4364-144-0x0000013C9CB20000-0x0000013C9CB30000-memory.dmp

Filesize
64KB

Download
memory/4364-103-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-129-0x0000013C9CA90000-0x0000013C9CAA0000-memory.dmp

Filesize
64KB

Download
memory/4364-113-0x0000013C9CA70000-0x0000013C9CA80000-memory.dmp

Filesize
64KB

Download
memory/4364-119-0x0000013C9CAF0000-0x0000013C9CB00000-memory.dmp

Filesize
64KB

Download
memory/4364-120-0x0000013C9CA80000-0x0000013C9CA90000-memory.dmp

Filesize
64KB

Download
memory/4364-136-0x0000013C9CAA0000-0x0000013C9CAB0000-memory.dmp

Filesize
64KB

Download
memory/4364-138-0x0000013C9C7E0000-0x0000013C9C7E1000-memory.dmp

Filesize
4KB

Download
memory/4364-1035-0x0000013C9CB00000-0x0000013C9CB10000-memory.dmp

Filesize
64KB

Download
memory/4724-40-0x00000235CBA10000-0x00000235CBA20000-memory.dmp

Filesize
64KB

Download
memory/4724-72-0x00000235CBAE0000-0x00000235CBAF0000-memory.dmp

Filesize
64KB

Download
memory/4724-2-0x00000235CB780000-0x00000235CB9F0000-memory.dmp

Filesize
2.4MB

Download
memory/4724-106-0x00000235CBAB0000-0x00000235CBAC0000-memory.dmp

Filesize
64KB

Download
memory/4724-97-0x00000235CBA90000-0x00000235CBAA0000-memory.dmp

Filesize
64KB

Download
memory/4724-130-0x00000235CBB30000-0x00000235CBB40000-memory.dmp

Filesize
64KB

Download
memory/4724-112-0x00000235CBAE0000-0x00000235CBAF0000-memory.dmp

Filesize
64KB

Download
memory/4724-74-0x00000235CBA10000-0x00000235CBA20000-memory.dmp

Filesize
64KB

Download
memory/4724-117-0x00000235CBB10000-0x00000235CBB20000-memory.dmp

Filesize
64KB

Download
memory/4724-118-0x00000235CBB20000-0x00000235CBB30000-memory.dmp

Filesize
64KB

Download
memory/4724-135-0x00000235CBB00000-0x00000235CBB10000-memory.dmp

Filesize
64KB

Download
memory/4724-132-0x00000235CBB50000-0x00000235CBB60000-memory.dmp

Filesize
64KB

Download
memory/4724-131-0x00000235CBB40000-0x00000235CBB50000-memory.dmp

Filesize
64KB

Download
memory/4724-109-0x00000235CBAC0000-0x00000235CBAD0000-memory.dmp

Filesize
64KB

Download
memory/4724-98-0x00000235CBAA0000-0x00000235CBAB0000-memory.dmp

Filesize
64KB

Download
memory/4724-89-0x00000235CBA60000-0x00000235CBA70000-memory.dmp

Filesize
64KB

Download
memory/4724-90-0x00000235CBA70000-0x00000235CBA80000-memory.dmp

Filesize
64KB

Download
memory/4724-91-0x00000235CBA80000-0x00000235CBA90000-memory.dmp

Filesize
64KB

Download
memory/4724-92-0x00000235CBB00000-0x00000235CBB10000-memory.dmp

Filesize
64KB

Download
memory/4724-41-0x00000235CBA20000-0x00000235CBA30000-memory.dmp

Filesize
64KB

Download
memory/4724-69-0x00000235CBA00000-0x00000235CBA10000-memory.dmp

Filesize
64KB

Download
memory/4724-70-0x00000235CBAC0000-0x00000235CBAD0000-memory.dmp

Filesize
64KB

Download
memory/4724-71-0x00000235CBAD0000-0x00000235CBAE0000-memory.dmp

Filesize
64KB

Download
memory/4724-43-0x00000235CBA40000-0x00000235CBA50000-memory.dmp

Filesize
64KB

Download
memory/4724-42-0x00000235CBA30000-0x00000235CBA40000-memory.dmp

Filesize
64KB

Download
memory/4724-162-0x00000235CB760000-0x00000235CB761000-memory.dmp

Filesize
4KB

Download
memory/4724-163-0x00000235CBB60000-0x00000235CBB70000-memory.dmp

Filesize
64KB

Download
memory/4724-111-0x00000235CBAD0000-0x00000235CBAE0000-memory.dmp

Filesize
64KB

Download
memory/4724-35-0x00000235CBA00000-0x00000235CBA10000-memory.dmp

Filesize
64KB

Download
memory/4724-33-0x00000235CB9F0000-0x00000235CBA00000-memory.dmp

Filesize
64KB

Download
memory/4724-28-0x00000235CB760000-0x00000235CB761000-memory.dmp

Filesize
4KB

Download
memory/4724-82-0x00000235CBA50000-0x00000235CBA60000-memory.dmp

Filesize
64KB

Download
memory/4724-592-0x00000235CBB20000-0x00000235CBB30000-memory.dmp

Filesize
64KB

Download
memory/4724-591-0x00000235CBB10000-0x00000235CBB20000-memory.dmp

Filesize
64KB

Download
memory/4724-590-0x00000235CB760000-0x00000235CB761000-memory.dmp

Filesize
4KB

Download
memory/4724-83-0x00000235CBAF0000-0x00000235CBB00000-memory.dmp

Filesize
64KB

Download
memory/4724-11-0x00000235CB760000-0x00000235CB761000-memory.dmp

Filesize
4KB

Download
memory/4724-76-0x00000235CBA30000-0x00000235CBA40000-memory.dmp

Filesize
64KB

Download
memory/4724-1031-0x00000235CBB30000-0x00000235CBB40000-memory.dmp

Filesize
64KB

Download
memory/4724-1033-0x00000235CBB50000-0x00000235CBB60000-memory.dmp

Filesize
64KB

Download
memory/4724-1032-0x00000235CBB40000-0x00000235CBB50000-memory.dmp

Filesize
64KB

Download
memory/4724-133-0x00000235CBAF0000-0x00000235CBB00000-memory.dmp

Filesize
64KB

Download
memory/4724-79-0x00000235CBA40000-0x00000235CBA50000-memory.dmp

Filesize
64KB

Download
memory/4724-75-0x00000235CBA20000-0x00000235CBA30000-memory.dmp

Filesize
64KB

Download
memory/4724-60-0x00000235CB9F0000-0x00000235CBA00000-memory.dmp

Filesize
64KB

Download
memory/4724-61-0x00000235CBAB0000-0x00000235CBAC0000-memory.dmp

Filesize
64KB

Download
memory/4724-56-0x00000235CB780000-0x00000235CB9F0000-memory.dmp

Filesize
2.4MB

Download
memory/4724-57-0x00000235CBA90000-0x00000235CBAA0000-memory.dmp

Filesize
64KB

Download
memory/4724-58-0x00000235CBAA0000-0x00000235CBAB0000-memory.dmp

Filesize
64KB

Download
memory/4724-50-0x00000235CBA60000-0x00000235CBA70000-memory.dmp

Filesize
64KB

Download
memory/4724-1050-0x00000235CBB60000-0x00000235CBB70000-memory.dmp

Filesize
64KB

Download
memory/4724-51-0x00000235CBA70000-0x00000235CBA80000-memory.dmp

Filesize
64KB

Download
memory/4724-1079-0x00000235CB760000-0x00000235CB761000-memory.dmp

Filesize
4KB

Download
memory/4724-1080-0x00000235CB760000-0x00000235CB761000-memory.dmp

Filesize
4KB

Download
memory/4724-52-0x00000235CBA80000-0x00000235CBA90000-memory.dmp

Filesize
64KB

Download
memory/4724-47-0x00000235CBA50000-0x00000235CBA60000-memory.dmp

Filesize
64KB

Download