ceb6a0b8e1c27c75155ab28b9283fe488ae5daca15b0cc58ebfc009200c8e824

Resubmissions

29-06-2024 22:45

240629-2ps5gsycjc 9

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave Goodbye.exe
Size

6.0MB
MD5

b67c09157b260b02037a716d28d7c34f
SHA1

a6da5549351e78fda395b5381dcf9e14240390fd
SHA256

ceb6a0b8e1c27c75155ab28b9283fe488ae5daca15b0cc58ebfc009200c8e824
SHA512

61cc65311af74f83ea950ef54661a5421df67026f7760e257ae3701b3b339f554ac1b42a63f2adafe142ad71a81c545b6749aac0a4f5c78eccd90d072fb7bbad
SSDEEP

98304:dHx3rQ9UT/cnDEuzHEAtpW1pAT0WaDMyaATQKC2witrFr9vQVN9x3gHWdFISYft4:73rpbcnDEuzkAtpWzATIaAEHVYJJmN/P

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Wave Goodbye.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Wave Goodbye.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Wave Goodbye.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Wave Goodbye.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Wave Goodbye.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Wave Goodbye.exe

Themida packer 7 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/2380-0-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral1/memory/2380-5-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral1/memory/2380-2-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral1/memory/2380-4-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral1/memory/2380-3-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral1/memory/2380-6-0x0000000140000000-0x0000000140F65000-memory.dmp	themida
behavioral1/memory/2380-459-0x0000000140000000-0x0000000140F65000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Wave Goodbye.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Wave Goodbye.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

16 discord.com
17 discord.com
18 discord.com
19 discord.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Wave Goodbye.exe

pid process

2380 Wave Goodbye.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Wave Goodbye.exe

flow	ioc
16	discord.com
17	discord.com
18	discord.com
19	discord.com

pid	process
2380	Wave Goodbye.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73FD49A1-3669-11EF-9542-4A4F109F65B0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2216 iexplore.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2216 iexplore.exe
2216 iexplore.exe
2960 IEXPLORE.EXE
2960 IEXPLORE.EXE

pid	process
2216	iexplore.exe

pid	process
2216	iexplore.exe
2216	iexplore.exe
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Wave Goodbye.exeiexplore.exe

description	pid	process	target process
PID 2380 wrote to memory of 2216	2380	Wave Goodbye.exe	iexplore.exe
PID 2380 wrote to memory of 2216	2380	Wave Goodbye.exe	iexplore.exe
PID 2380 wrote to memory of 2216	2380	Wave Goodbye.exe	iexplore.exe
PID 2216 wrote to memory of 2960	2216	iexplore.exe	IEXPLORE.EXE
PID 2216 wrote to memory of 2960	2216	iexplore.exe	IEXPLORE.EXE
PID 2216 wrote to memory of 2960	2216	iexplore.exe	IEXPLORE.EXE
PID 2216 wrote to memory of 2960	2216	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe
"C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2380

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/6NNYUEXAR2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2960

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
67e8522411ebe9d6f1bf0d89c2723bd4

SHA1
b33b02b72028c9e3fe166822471067ebdfae5185

SHA256
7e7e8998a34c794052feca473fa6a740068e188db578c663b94812a99b72af39

SHA512
e7e6411ce6a41a98884818011479e315a6a5fbc51d74c2c2af3beaac9cc279284d509f6b68a2c674c8e10ff2695404b9ccf5207da94d599cd35f7fd2e60b194c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
512ea55eca2b40ddd9cfbeba70be3a91

SHA1
b5403adf4e6c6f5b8663968281e3601315f8f07b

SHA256
2fd433bd7583ffe589c1add90c98a24cd595eadca184555c004e1081108b95c0

SHA512
27dc1c6f46316d9e65ea3617fbd333eafba2e29af3561ef0f0e4df226e4c12c17bf85f084f21264b895d4b032b13caa2b085147240fd6f472dbeb2b004d0121a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9c37abeabcf9160efa3c3d336142c3eb

SHA1
31413304739cd78addf84c3d0ce4cc8c68e435d3

SHA256
46f8334c997e7283713f70e254fd2204aef0dfd20fbd2690bdb765aa587643d0

SHA512
36421a711470bcf50212c0f4bc10c043a775b1d730a2a94f6c28b29d8d2fd2b165f5d694bfcf29eb43cc9254d3b53e040124e06a71dad24f3545165b778bdb75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
132768e69887bb24f88dade81d5bd1c8

SHA1
65c65d700391f4cf17d1145be83a768b3df4a41e

SHA256
4203ae2368634d03ca0476058420c61f63ab34cc8fd6a8678bbfe55b546da6d2

SHA512
79c7eeb9662f77064b122664e6bdbff16e87d7857b8588ca713a4d88645776621486bf0b5f2c0fe8782fb4f8de3f5f2f83c297eb8f9203dd27fbbdfd4b4799a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5487444e0d8e56f2465860b587cccb13

SHA1
953e2d4bbd02aa23fe339a3646b7b858e764be2e

SHA256
cbe01c7753bb986dbea32f1dc6f3241fdaaf07aad28685711c05849a04a7d3a5

SHA512
7639b2f40894b60b92bd5bdf0942dac4c59808f995f0e1db8596e4b63417f0c66eb32cc6f3c14348e4d2cb370b3cb5950da1d32ed51fd980d847feac35a5d0aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a837b075242556af18b8fea24ab59457

SHA1
77333e08558cc3cd6eb2e59488ce2ddc332febf6

SHA256
7227e101f7aca2283698d7127da2734c496f87f0a83dd735c7d577104ea8968a

SHA512
571bd1dc8715be096e3f5fde985a299f639d61425ed87267577d6dbebd96f866c8a53a6544d34389e0226fa8588f85c2a27ae65d8193ed04c079c1f03149a6f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e31ce3e4c771750c32111db2299bf6ad

SHA1
e4173dea3bd24fd05c0e56570f717652cf43506e

SHA256
0c48611de73a8587bdba28188378f6fcf73650bbc2f36f7826e595014726ee32

SHA512
ba8878940d5b42e449c7028dd5458682fe2a093a68c109b6e80c55a6c488b9121c9fda946f3a746a4076191974fe3a0de37612fbcd1a02cd2bbb269303610767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
320efaf4e832b66eb9f60375f351c378

SHA1
9a1129ddb590e2fe6d5d5811dc0ca0a7e7fd0004

SHA256
cb6a247178d241c5724039834639dc3d6e602ccab21c9756ca1e6a52bc930ac5

SHA512
b4420671a67b4f3a730734d99de762be2b30df02c46a543ec66c8f7222acc20aea5ec333463e4b2bdc50d95c233db04b8efe9c88f80f5cfc0dc7923266bdc206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
47968f67bf6d9bf583b49295468fc003

SHA1
cea7ef601c7f288611c8916341b10e782cf8fa57

SHA256
dc74a224d62d995c6d69d0ac11f3b1bf92de4455b81c89b91e6e5ea43681f61f

SHA512
7d19ce973d78dee6db54a19458e85554aae57979817b5c2a63d328b62c2267479b012920519e511b0ed85b53dc24137301de5b2bf69778b77f799b4b7295858f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3496321a68ecfeea4730e3bfe94e8eb3

SHA1
d29d1f34635b510d466ceadfd778ac8bfa6a6e38

SHA256
daa92109d38ce5ec8193b5a2ae1b27dae9d12c529fec624b77b997f9c55903b9

SHA512
a14ae57daa23ab5d223b165ac69dc21c3a130282e87652ed5b08cc34bb0a03a880760becac5fc0efc5548d4f279d4c1a370389c4c6def61d1dd28f07ba6afa12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
21f6e7c69d56117ff458d9128a46e196

SHA1
e898f6452d9d69827b7c46d0de58534ecfee7804

SHA256
8ececda8101fd1b3876f6efb09b6025e929cc26803c539b43a5f3c8bd79ffb10

SHA512
77690dcdaa6b07039ee2be075ac094f885416a83b3c11285ce727c60a0e5904a0fa96049daf8c39eb8e11af2ef9c8f2f3b986f8800761fe084a49106494cabcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
925fd470dfd19fc89d5bc5a39b4490c4

SHA1
be2eb3b7f7a9c67493fff9ecbf76f15fffec1669

SHA256
75b833344aa96d6868da2b3fe5589241dcf38841d4da6a0ed8c0fb8330012ac7

SHA512
638d46087e274e747246587ea24017978fcae05c74fca7fb9614568c8d82d1e8d17b3bc84e56a590c2979943ed0281a02932eb6edd1f6376b57ab193926dc18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat
Filesize
24KB

MD5
187710413a92f4358ac968ae665ba23b

SHA1
56d305fd66e559a6780101a4423c68273b5ce082

SHA256
f41f70b9c9a0dc364403e3cfa291e64a25981e8e0a30173054004c93d6f00583

SHA512
3a5a7a743067dc25df2518150bba942d2c5be3b4e65465884611b4449bf81943eaf8fb73a8bb3f018ffedce7da1277bd48e3ed15a1186109e591973b39d91d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\favicon[2].ico
Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab202E.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2130.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2380-0-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/2380-6-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/2380-3-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/2380-4-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/2380-2-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/2380-5-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download
memory/2380-1-0x00000000772B0000-0x00000000772B2000-memory.dmp

Filesize
8KB

Download
memory/2380-459-0x0000000140000000-0x0000000140F65000-memory.dmp

Filesize
15.4MB

Download