2421fc56eee932322e7168ca988c6d63c8bb74440f900661fc859403196e64d2

Analysis

max time kernel
146s
max time network
137s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
12/02/2025, 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

piponis-main/cjitigjfktti.exe
Size

1.2MB
MD5

9a25f9aa3d34d382fbfe05cef7196267
SHA1

da9d0b66ee501c0edd8c9b8b6068ac850bfdbc13
SHA256

87f7f0f88767ea5c3958920bf813536dac8c1ee3cc3afc75674324dc305ceb30
SHA512

6ffb1a985540b74466d0a97c24ef1c2a7ea55d82f1dabe9c94fe74fc49108a3a2b6b3ed979455292b4a4b8b4af5f385855de7798faa189c90030a7f9ad01017c
SSDEEP

24576:dQ6GlFOMrb3hUXASW/gFMK9y7g/i/l9dVfD8RaCPEvrcNAUyQhI8Tsm7ZEght7I/:jG+MReW/aMK9Eei/l9DiagvOUyQpwMSb

Score

8^/10

defense_evasion discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file 4 IoCs

flow	pid	Process
57	3260	81IL8SZ61JUWTMIALV6S.exe
58	3260	81IL8SZ61JUWTMIALV6S.exe
35	868	Process not Found
52	4104	cjitigjfktti.exe

Executes dropped EXE 1 IoCs

pid	Process
3260	81IL8SZ61JUWTMIALV6S.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
54	pastebin.com
55	pastebin.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Power Settings 1 TTPs 1 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
2924	cmd.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cjitigjfktti.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	81IL8SZ61JUWTMIALV6S.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1680	MicrosoftEdgeUpdate.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3172	schtasks.exe
2460	schtasks.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
4104	cjitigjfktti.exe
3260	81IL8SZ61JUWTMIALV6S.exe
4984	powershell.exe
4984	powershell.exe
3260	81IL8SZ61JUWTMIALV6S.exe
3260	81IL8SZ61JUWTMIALV6S.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeDebugPrivilege	3260	81IL8SZ61JUWTMIALV6S.exe
Token: SeDebugPrivilege	4984	powershell.exe
Token: SeIncreaseQuotaPrivilege	4984	powershell.exe
Token: SeSecurityPrivilege	4984	powershell.exe
Token: SeTakeOwnershipPrivilege	4984	powershell.exe
Token: SeLoadDriverPrivilege	4984	powershell.exe
Token: SeSystemProfilePrivilege	4984	powershell.exe
Token: SeSystemtimePrivilege	4984	powershell.exe
Token: SeProfSingleProcessPrivilege	4984	powershell.exe
Token: SeIncBasePriorityPrivilege	4984	powershell.exe
Token: SeCreatePagefilePrivilege	4984	powershell.exe
Token: SeBackupPrivilege	4984	powershell.exe
Token: SeRestorePrivilege	4984	powershell.exe
Token: SeShutdownPrivilege	4984	powershell.exe
Token: SeDebugPrivilege	4984	powershell.exe
Token: SeSystemEnvironmentPrivilege	4984	powershell.exe
Token: SeRemoteShutdownPrivilege	4984	powershell.exe
Token: SeUndockPrivilege	4984	powershell.exe
Token: SeManageVolumePrivilege	4984	powershell.exe
Token: 33	4984	powershell.exe
Token: 34	4984	powershell.exe
Token: 35	4984	powershell.exe
Token: 36	4984	powershell.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4104	cjitigjfktti.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 3260	4104	cjitigjfktti.exe	90
PID 4104 wrote to memory of 3260	4104	cjitigjfktti.exe	90
PID 4104 wrote to memory of 3260	4104	cjitigjfktti.exe	90
PID 3260 wrote to memory of 2924	3260	81IL8SZ61JUWTMIALV6S.exe	91
PID 3260 wrote to memory of 2924	3260	81IL8SZ61JUWTMIALV6S.exe	91
PID 3260 wrote to memory of 2924	3260	81IL8SZ61JUWTMIALV6S.exe	91
PID 2924 wrote to memory of 4984	2924	cmd.exe	93
PID 2924 wrote to memory of 4984	2924	cmd.exe	93
PID 2924 wrote to memory of 4984	2924	cmd.exe	93
PID 3260 wrote to memory of 1860	3260	81IL8SZ61JUWTMIALV6S.exe	94
PID 3260 wrote to memory of 1860	3260	81IL8SZ61JUWTMIALV6S.exe	94
PID 3260 wrote to memory of 1860	3260	81IL8SZ61JUWTMIALV6S.exe	94
PID 3260 wrote to memory of 2896	3260	81IL8SZ61JUWTMIALV6S.exe	95
PID 3260 wrote to memory of 2896	3260	81IL8SZ61JUWTMIALV6S.exe	95
PID 3260 wrote to memory of 2896	3260	81IL8SZ61JUWTMIALV6S.exe	95
PID 1860 wrote to memory of 2460	1860	cmd.exe	98
PID 1860 wrote to memory of 2460	1860	cmd.exe	98
PID 1860 wrote to memory of 2460	1860	cmd.exe	98
PID 2896 wrote to memory of 3172	2896	cmd.exe	99
PID 2896 wrote to memory of 3172	2896	cmd.exe	99
PID 2896 wrote to memory of 3172	2896	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\piponis-main\cjitigjfktti.exe
"C:\Users\Admin\AppData\Local\Temp\piponis-main\cjitigjfktti.exe"
1⤵
- Downloads MZ/PE file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Users\Admin\AppData\Local\Temp\81IL8SZ61JUWTMIALV6S.exe
  "C:\Users\Admin\AppData\Local\Temp\81IL8SZ61JUWTMIALV6S.exe"
  2⤵
  - Downloads MZ/PE file
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3260
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C powershell -EncodedCommand "PAAjAHQAcABBAGUAaABCAG4AdAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGQAbABWACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHUANgBzAEgAUwBTADIAbgBVAG4AQQAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwA4AHAAVgAjAD4A" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
    3⤵
    - Power Settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -EncodedCommand "PAAjAHQAcABBAGUAaABCAG4AdAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGQAbABWACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHUANgBzAEgAUwBTADIAbgBVAG4AQQAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwA4AHAAVgAjAD4A"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4984
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1860
  - - C:\Windows\SysWOW64\schtasks.exe
      SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:2460
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk2387" /TR "C:\ProgramData\Dllhost\dllhost.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Windows\SysWOW64\schtasks.exe
      SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk2387" /TR "C:\ProgramData\Dllhost\dllhost.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:3172

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzhFMERDNTgtMDUxMy00QUFCLTkwNDUtRDkxNUNCQkNBMzkxfSIgdXNlcmlkPSJ7QzA1NDg5RUItMzNFQS00QkE5LUI2ODMtRDZDRjBGNjQyRTAwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RkY1QTAzQjUtOEFFNS00MThFLUJFNDYtMUFFNTkwNUEyNkNBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMSIgaW5zdGFsbGRhdGV0aW1lPSIxNzM5MjY5OTk1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM3NDE5ODgwODMwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAxMDY0NTM5NiIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\81IL8SZ61JUWTMIALV6S.exe

Filesize
21KB

MD5
c11a82d699a06d9b8ba4296e0c562ae4

SHA1
e91963fe8def3ed151333a6a66d005237600ba30

SHA256
483b1d7dac70de82e9b22a0c1ed775cf7e10b0a3790c5aa1b9215dbcd1754302

SHA512
cc8644279ea2cebf70f594f6cc48d6ebbc10d036b7dcf1008fc05565da85cc36f7e8af7faa49b7c117c9a6ac94d7c007a99b53ec1dd668a7f8c28dc25b410a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jfscj3ht.g4t.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/3260-18-0x0000000073AEE000-0x0000000073AEF000-memory.dmp

Filesize
4KB

Download
memory/3260-19-0x00000000004F0000-0x00000000004FC000-memory.dmp

Filesize
48KB

Download
memory/3260-64-0x0000000073AEE000-0x0000000073AEF000-memory.dmp

Filesize
4KB

Download
memory/3260-65-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/3260-70-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/3260-24-0x0000000005030000-0x0000000005096000-memory.dmp

Filesize
408KB

Download
memory/3260-23-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/3260-22-0x0000000004EB0000-0x0000000004EBA000-memory.dmp

Filesize
40KB

Download
memory/3260-21-0x0000000004F20000-0x0000000004FB2000-memory.dmp

Filesize
584KB

Download
memory/3260-20-0x0000000005430000-0x00000000059D6000-memory.dmp

Filesize
5.6MB

Download
memory/4104-13-0x0000000000E20000-0x0000000000E25000-memory.dmp

Filesize
20KB

Download
memory/4104-71-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-12-0x0000000000E20000-0x0000000000E25000-memory.dmp

Filesize
20KB

Download
memory/4104-56-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-2-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-8-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-74-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-73-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-72-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-0-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-4-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-1-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-7-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-69-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-68-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-66-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-6-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4104-5-0x0000000000FC0000-0x0000000001384000-memory.dmp

Filesize
3.8MB

Download
memory/4984-39-0x0000000006580000-0x000000000659E000-memory.dmp

Filesize
120KB

Download
memory/4984-55-0x00000000078E0000-0x00000000078FA000-memory.dmp

Filesize
104KB

Download
memory/4984-54-0x0000000007F40000-0x00000000085BA000-memory.dmp

Filesize
6.5MB

Download
memory/4984-57-0x0000000007950000-0x000000000795A000-memory.dmp

Filesize
40KB

Download
memory/4984-61-0x0000000007B50000-0x0000000007BE6000-memory.dmp

Filesize
600KB

Download
memory/4984-53-0x00000000077C0000-0x0000000007863000-memory.dmp

Filesize
652KB

Download
memory/4984-52-0x0000000006B80000-0x0000000006B9E000-memory.dmp

Filesize
120KB

Download
memory/4984-42-0x00000000702B0000-0x00000000702FC000-memory.dmp

Filesize
304KB

Download
memory/4984-41-0x0000000007580000-0x00000000075B2000-memory.dmp

Filesize
200KB

Download
memory/4984-40-0x00000000065C0000-0x000000000660C000-memory.dmp

Filesize
304KB

Download
memory/4984-26-0x00000000056C0000-0x0000000005D8A000-memory.dmp

Filesize
6.8MB

Download
memory/4984-32-0x0000000005E20000-0x0000000005E42000-memory.dmp

Filesize
136KB

Download
memory/4984-33-0x0000000005ED0000-0x0000000005F36000-memory.dmp

Filesize
408KB

Download
memory/4984-38-0x00000000060B0000-0x0000000006407000-memory.dmp

Filesize
3.3MB

Download
memory/4984-25-0x0000000002F30000-0x0000000002F66000-memory.dmp

Filesize
216KB

Download