0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548

Analysis

max time kernel
144s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
Size

504KB
MD5

c49d0b6efefe3e62e468ab069ded99d0
SHA1

27e403a0c8d39f441aad8d81e41482acc2d16539
SHA256

0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548
SHA512

d44cb147d6aea089affb6a02dd3dec2b0b5933b07214bd96b3bb005131e63a54f341a01cebc79926dc5fc86e56998e18b0079e17d69434d4aedd00b10fe9f60d
SSDEEP

12288:tPmTkT0+nXTv1d5Jo/H4a6ZeUOHFVS9Qg:Vmo4IXhd81rS

Score

7^/10

adware stealer upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

Explorrer.exeExplorrer.exeExplorrer.exe

pid process

4736 Explorrer.exe
2320 Explorrer.exe
4628 Explorrer.exe
Loads dropped DLL 2 IoCs

Processes:

regsvr32.exeregsvr32.exe

pid process

1456 regsvr32.exe
3520 regsvr32.exe

pid	process
4736	Explorrer.exe
2320	Explorrer.exe
4628	Explorrer.exe

pid	process
1456	regsvr32.exe
3520	regsvr32.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4840-0-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral2/memory/4840-3-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral2/memory/4840-4-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral2/memory/4840-16-0x0000000000400000-0x000000000049C000-memory.dmp	upx
C:\Users\Admin\AppData\Roaming\AppsData\Explorrer.exe	upx
behavioral2/memory/4736-23-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral2/memory/4736-28-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral2/memory/4736-30-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral2/memory/4736-53-0x0000000000400000-0x000000000049C000-memory.dmp	upx

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

regsvr32.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE274C2C-2133-4B4B-93B3-8F21486DABC0}\NoExplorer = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE274C2C-2133-4B4B-93B3-8F21486DABC0}	regsvr32.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exeExplorrer.exe

description	pid	process	target process
PID 4840 set thread context of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4736 set thread context of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 set thread context of 4628	4736	Explorrer.exe	Explorrer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2844 4536 WerFault.exe ipconfig.exe
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exe

pid process

4536 ipconfig.exe

pid	pid_target	process	target process
2844	4536	WerFault.exe	ipconfig.exe

pid	process
4536	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

Explorrer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Approved Extensions	Explorrer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{3543619C-D563-43f7-95EA-4DA7E1CC396A} = 51667a6c4c1d3b1b003ad2d87fc9ac0780c431c2a3933e7f	Explorrer.exe

Modifies registry class 5 IoCs

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DE274C2C-2133-4B4B-93B3-8F21486DABC0}\ = "IE MANAGER"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DE274C2C-2133-4B4B-93B3-8F21486DABC0}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DE274C2C-2133-4B4B-93B3-8F21486DABC0}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\IE\\bho.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DE274C2C-2133-4B4B-93B3-8F21486DABC0}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DE274C2C-2133-4B4B-93B3-8F21486DABC0}	regsvr32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exeExplorrer.exeExplorrer.exe

pid	process
4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
4572	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
4736	Explorrer.exe
2320	Explorrer.exe

Suspicious use of WriteProcessMemory 43 IoCs

Processes:

0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exeExplorrer.exeExplorrer.exeExplorrer.exe

description	pid	process	target process
PID 4840 wrote to memory of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4840 wrote to memory of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4840 wrote to memory of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4840 wrote to memory of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4840 wrote to memory of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4840 wrote to memory of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4840 wrote to memory of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4840 wrote to memory of 4572	4840	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
PID 4572 wrote to memory of 4736	4572	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	Explorrer.exe
PID 4572 wrote to memory of 4736	4572	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	Explorrer.exe
PID 4572 wrote to memory of 4736	4572	0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe	Explorrer.exe
PID 4736 wrote to memory of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 2320	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 4736 wrote to memory of 4628	4736	Explorrer.exe	Explorrer.exe
PID 2320 wrote to memory of 4536	2320	Explorrer.exe	ipconfig.exe
PID 2320 wrote to memory of 4536	2320	Explorrer.exe	ipconfig.exe
PID 2320 wrote to memory of 4536	2320	Explorrer.exe	ipconfig.exe
PID 2320 wrote to memory of 4536	2320	Explorrer.exe	ipconfig.exe
PID 2320 wrote to memory of 4536	2320	Explorrer.exe	ipconfig.exe
PID 4628 wrote to memory of 1456	4628	Explorrer.exe	regsvr32.exe
PID 4628 wrote to memory of 1456	4628	Explorrer.exe	regsvr32.exe
PID 4628 wrote to memory of 1456	4628	Explorrer.exe	regsvr32.exe
PID 4628 wrote to memory of 3520	4628	Explorrer.exe	regsvr32.exe
PID 4628 wrote to memory of 3520	4628	Explorrer.exe	regsvr32.exe
PID 4628 wrote to memory of 3520	4628	Explorrer.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4840

C:\Users\Admin\AppData\Local\Temp\0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0dbf1b710c3e35fd74c2fe81e4b4ce93f24f4da810a8c75d8189286fa3742548_NeikiAnalytics.exe"
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4572

C:\Users\Admin\AppData\Roaming\AppsData\Explorrer.exe
C:\Users\Admin\AppData\Roaming\AppsData\Explorrer.exe -notray
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4736

C:\Users\Admin\AppData\Roaming\AppsData\Explorrer.exe
"C:\Users\Admin\AppData\Roaming\AppsData\Explorrer.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320

C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\system32\ipconfig.exe"
5⤵
- Gathers network information
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 272
6⤵
- Program crash
PID:2844

C:\Users\Admin\AppData\Roaming\AppsData\Explorrer.exe
"C:\Users\Admin\AppData\Roaming\AppsData\Explorrer.exe"
4⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:4628

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /u /s "C:\Users\Admin\AppData\Roaming\IE\bho.dll"
5⤵
- Loads dropped DLL
PID:1456

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Users\Admin\AppData\Roaming\IE\bho.dll"
5⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Modifies registry class
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:8
1⤵
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4536 -ip 4536
1⤵
PID:4772

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\AppsData\Explorrer.exe
Filesize
504KB

MD5
dbd080bc661f9e2cb16d808bbcf2bfc5

SHA1
1cb020b72499c3105bf2c223c0600a2c6029e2b3

SHA256
78e6b94e9653ecfc48cb8865fccfce898999d4e46c4126f7a47697959c761b81

SHA512
978d95993010b1a402b1421f3215aafdcf9ac748679ccb17d968dfc1556a07116a7654b7ffdbcf40f92688975aaed42488a917fc735644d13323eec7c309dd15

Download Submit
C:\Users\Admin\AppData\Roaming\IE\bho.dll
Filesize
87KB

MD5
49a92a33d1775b45b3bd45f8bec24585

SHA1
ea404af50bbdad5cbc9f95f4068bdc30c9fceff6

SHA256
976540cf1b4d04d80be1f1af8ea0f050c3f03a0a8c4e339589b7bb9180fc07f5

SHA512
7d5c4ea5c6f950a41bff386289df88b3f6d78444d7eeaa8a426569ce7698c2dfa916ae02d321af2be839c20e53b2ba9b3bb6a1573cad3b578733b082f0dc292f

Download Submit
memory/2320-164-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2320-51-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4572-27-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4572-7-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4572-12-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4572-25-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download
memory/4628-43-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-62-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-171-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-66-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-95-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-61-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-94-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-63-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-38-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-46-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-93-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-34-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-36-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-64-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-65-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-50-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-45-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-44-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-42-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-41-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-40-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-39-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-54-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-90-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-71-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-98-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-97-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-67-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-68-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-96-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-69-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-70-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-72-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-92-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-91-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-89-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-88-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-87-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-86-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-85-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-84-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-83-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-82-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-81-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-80-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-79-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-78-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-77-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-76-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-75-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-74-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4628-73-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4736-53-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4736-30-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4736-28-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4736-23-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4840-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4840-16-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4840-3-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4840-4-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4840-6-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/4840-5-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/4840-11-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/4840-10-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download