Overview

overview

10

Static

static

3

af28da43cc...b4.exe

windows7-x64

10

af28da43cc...b4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2025, 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af28da43cc9fdb6128f4b9ce7af09d59025010f77e9119bd87c91318df712ab4.exe

  • Size

    1.8MB

  • MD5

    c5e4d612c0286f96e6c0a0f34b9889cd

  • SHA1

    76e16697fc7e39eba2d29c695cb29b3a43ebc532

  • SHA256

    af28da43cc9fdb6128f4b9ce7af09d59025010f77e9119bd87c91318df712ab4

  • SHA512

    87346d4b89b6a0ce960aa0003425b4f8790904e52bd0226367b25028e0c989a3dfdc93031d9cae96054b0b85437a78edd50ebe7acd92379387c13de74ffea179

  • SSDEEP

    49152:IanFUNAsYCGi8tLFQrxanXClpJIxc/dTl:IanFZvi8tLluJIKl

Score
10/10
stealcrenocredential_accessdefense_evasiondiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

reno

C2

http://185.215.113.115

Attributes
  • url_path

    /c4becf79229cb002.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    defense_evasion
  • Downloads MZ/PE file 5 IoCs
  • Uses browser remote debugging 2 TTPs 9 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af28da43cc9fdb6128f4b9ce7af09d59025010f77e9119bd87c91318df712ab4.exe
    "C:\Users\Admin\AppData\Local\Temp\af28da43cc9fdb6128f4b9ce7af09d59025010f77e9119bd87c91318df712ab4.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Downloads MZ/PE file
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
      2⤵
      • Uses browser remote debugging
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1964
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff98c2cc40,0x7fff98c2cc4c,0x7fff98c2cc58
        3⤵
          PID:3956
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1920 /prefetch:2
          3⤵
            PID:3832
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2184 /prefetch:3
            3⤵
              PID:5092
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2460 /prefetch:8
              3⤵
                PID:4604
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3204 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:4024
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3384 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:4296
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3860,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4524 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:2816
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4528,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4704 /prefetch:8
                3⤵
                  PID:2116
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4788 /prefetch:8
                  3⤵
                    PID:3504
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:8
                    3⤵
                      PID:4880
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,14170146475071446613,8483958465818833448,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4972 /prefetch:8
                      3⤵
                        PID:3316
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
                      2⤵
                      • Uses browser remote debugging
                      • Enumerates system info in registry
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                      • Suspicious use of FindShellTrayWindow
                      PID:3820
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff98c346f8,0x7fff98c34708,0x7fff98c34718
                        3⤵
                        • Checks processor information in registry
                        • Enumerates system info in registry
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3632
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2624108780902725454,7686474525783840536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
                        3⤵
                          PID:3056
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,2624108780902725454,7686474525783840536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1876
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,2624108780902725454,7686474525783840536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
                          3⤵
                            PID:1932
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2624108780902725454,7686474525783840536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                            3⤵
                            • Uses browser remote debugging
                            PID:4920
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2624108780902725454,7686474525783840536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                            3⤵
                            • Uses browser remote debugging
                            PID:540
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2624108780902725454,7686474525783840536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
                            3⤵
                            • Uses browser remote debugging
                            PID:1728
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2624108780902725454,7686474525783840536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
                            3⤵
                            • Uses browser remote debugging
                            PID:1664
                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                        1⤵
                          PID:2128
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:4796

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\ProgramData\mozglue.dll
                            Filesize

                            593KB

                            MD5

                            c8fd9be83bc728cc04beffafc2907fe9

                            SHA1

                            95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                            SHA256

                            ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                            SHA512

                            fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                            Download Submit

                          • C:\ProgramData\nss3.dll
                            Filesize

                            2.0MB

                            MD5

                            1cc453cdf74f31e4d913ff9c10acdde2

                            SHA1

                            6e85eae544d6e965f15fa5c39700fa7202f3aafe

                            SHA256

                            ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                            SHA512

                            dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                            Filesize

                            2B

                            MD5

                            d751713988987e9331980363e24189ce

                            SHA1

                            97d170e1550eee4afc0af065b78cda302a97674c

                            SHA256

                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                            SHA512

                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                            Filesize

                            356B

                            MD5

                            14078b821e7a1d5e471f5a55c5f17dbd

                            SHA1

                            d51d520bb15c2cc9a60d830a9773505d7191a893

                            SHA256

                            7a9d72eb500155b73b0752e9ef542c1a65b137e54c9372e902221d38c920161b

                            SHA512

                            0932d856d9218813b8419d0231702579279adbb03f0a17ee2ab67d210e5dc0fb65f24a708d911eb735ea63a3d961a9455e4988410646b591c42f15df36d97969

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                            Filesize

                            8KB

                            MD5

                            7a6ceb20f637abdc0a223c99e0225801

                            SHA1

                            e0ae6b6f78133f1df7439fffaec65d96fe41545d

                            SHA256

                            5eff2bd3c0b95b22b91edfc5ea125601d5ec039f58e5c86721157a7c0c19462d

                            SHA512

                            c6330d5f1606a3c17cac2ba783f170474824874f91256a25bbfe6b133b4628e837b28603f0284ef4b7acfafce9683ce0a0258f950ac2a284b44ff22fc85dfc3b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                            Filesize

                            242KB

                            MD5

                            1e8830d38116f37adcec03583ef8caa4

                            SHA1

                            06b723443a0e460e800339db6b6a2b86373a6f51

                            SHA256

                            cdfd36e271f035e4e9d1ba0139fcf95b06ebd6bffb9396f2bd68ee68094a5438

                            SHA512

                            16aa92c3f24b39f365c6c9c70b22fad29454bf5140d663162a3c21fb91d794e708194d9a83b2bd0c9821a40604ca67743c68cfc6f9b256c4b9c9281cac9f12b4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            aa378723292221de057e05f75936b4c2

                            SHA1

                            d1d52fca8f9ce32735017b9ef3e76c3be33fc2a6

                            SHA256

                            48c30b3381ea9417e0c9e02534294378d28d61b6a382294d8096dd5417b6982b

                            SHA512

                            f150891a568036089dd727d5d8613fd86e0b528f95ca2887a1be937f59f0e450f2d79fb8b63149abdc47b72bf20085b444e8f8188e221a6fefba08149c7360fd

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            e4e54650fb0a7903f379034c9d82ac20

                            SHA1

                            d919492abb1872dadf1cd7bb06ee2b5015054077

                            SHA256

                            e5f9de12025a9ba17526352d4087a562df4db1a174441a12473fef875b8523e6

                            SHA512

                            06da3dcaf3033c152da33c0c5b633a759317ba9846deff164830364f7482057ff80870e0da0037601bdbda679952a527ffae6d4714d38b5ce89ea8e5395a707c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            804f4e990bc57ecaa57e934f7093000c

                            SHA1

                            b11f479e946aca6a145267b1fb8791c1dcbf78f3

                            SHA256

                            525dda197543039f6a640a8cd97700f4435fe1707b924ce285768aa87507e9b6

                            SHA512

                            5dafa9f4539e9a12d90ce36f713b9c47aee0131e098c60e69ac4db97ca882dfa5fc721b22d931dd8974d0fcc8a248909d0e4f924d617a7715707dddfdc4add04

                            Download Submit

                          • memory/2228-69-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-116-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-0-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-6-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                            Filesize

                            972KB

                            Download

                          • memory/2228-5-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-4-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-3-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-29-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-133-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-134-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-138-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download

                          • memory/2228-2-0x00000000005E1000-0x00000000005F8000-memory.dmp

                            Filesize

                            92KB

                            Download

                          • memory/2228-1-0x0000000077934000-0x0000000077936000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/2228-160-0x00000000005E0000-0x0000000000C90000-memory.dmp

                            Filesize

                            6.7MB

                            Download