asyncrat | c4638069ee4cc84cbeda570f32a5742ddf8a07830ed82f078d7f77d0369774ef

Analysis

max time kernel
8s
max time network
151s
platform
windows10_x64
resource
win10
submitted
25-10-2020 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MarioBitcoinMiner2020/MarioBitcoinMiner2020.exe

Score

10^/10

asyncrat warzonerat infostealer macro rat xlm

Malware Config

Extracted

Family

warzonerat

sandyclark255.hopto.org:5200

Extracted

Family

asyncrat

Version

0.5.6A

sandyclark255.hopto.org:6606

sandyclark255.hopto.org:8808

sandyclark255.hopto.org:7707

Mutex

adweqsds5

Attributes

aes_key
kv5uVyBGd24QqEsgPMVYkssYB7jsYam1
anti_detection
true
autorun
true
bdos
false
delay
host
sandyclark255.hopto.org
hwid
install_file
install_folder
%AppData%
mutex
adweqsds5
pastebin_config
null
port
6606,8808,7707
version
0.5.6A

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/3456-404-0x0000000001480000-0x000000000148D000-memory.dmp	asyncrat

Warzone RAT Payload 9 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/4436-52-0x0000000000400000-0x0000000000554000-memory.dmp	warzonerat
behavioral2/memory/4436-55-0x0000000000405CE2-mapping.dmp	warzonerat
behavioral2/memory/4436-60-0x0000000000400000-0x0000000000554000-memory.dmp	warzonerat
behavioral2/memory/4488-191-0x0000000000405CE2-mapping.dmp	warzonerat
behavioral2/memory/5896-509-0x0000000000405CE2-mapping.dmp	warzonerat
behavioral2/memory/5848-635-0x0000000000400000-0x0000000000554000-memory.dmp	warzonerat
behavioral2/memory/5848-639-0x0000000000400000-0x0000000000554000-memory.dmp	warzonerat
behavioral2/memory/5848-636-0x0000000000405CE2-mapping.dmp	warzonerat
behavioral2/memory/5972-699-0x0000000000405CE2-mapping.dmp	warzonerat

Executes dropped EXE 4 IoCs

Processes:

ZkgLT1kbB04JyQ7r.exe74cxYlbiaOZamCP3.exeqTyn0jwlXC8Zlpo2.exeQkyezzcQ2UfBhEu7.exe

pid process

1816 ZkgLT1kbB04JyQ7r.exe
2108 74cxYlbiaOZamCP3.exe
2240 qTyn0jwlXC8Zlpo2.exe
2416 QkyezzcQ2UfBhEu7.exe

pid	process
1816	ZkgLT1kbB04JyQ7r.exe
2108	74cxYlbiaOZamCP3.exe
2240	qTyn0jwlXC8Zlpo2.exe
2416	QkyezzcQ2UfBhEu7.exe

Suspicious Office macro 2 IoCs

Office document equipped with 4.0 macros.

macro xlm

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Jp2TOBozMrtcMhaS.doc	office_xlm_macros
C:\Users\Admin\AppData\Local\Temp\UzzczBKf06fCBuYp.doc	office_xlm_macros

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

MarioBitcoinMiner2020.exeZkgLT1kbB04JyQ7r.exe

description	pid	process
Token: SeDebugPrivilege	3916	MarioBitcoinMiner2020.exe
Token: 33	3916	MarioBitcoinMiner2020.exe
Token: SeIncBasePriorityPrivilege	3916	MarioBitcoinMiner2020.exe
Token: SeDebugPrivilege	1816	ZkgLT1kbB04JyQ7r.exe
Token: 33	1816	ZkgLT1kbB04JyQ7r.exe
Token: SeIncBasePriorityPrivilege	1816	ZkgLT1kbB04JyQ7r.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

MarioBitcoinMiner2020.exe

description	pid	process	target process
PID 3916 wrote to memory of 1816	3916	MarioBitcoinMiner2020.exe	ZkgLT1kbB04JyQ7r.exe
PID 3916 wrote to memory of 1816	3916	MarioBitcoinMiner2020.exe	ZkgLT1kbB04JyQ7r.exe
PID 3916 wrote to memory of 1816	3916	MarioBitcoinMiner2020.exe	ZkgLT1kbB04JyQ7r.exe
PID 3916 wrote to memory of 2108	3916	MarioBitcoinMiner2020.exe	74cxYlbiaOZamCP3.exe
PID 3916 wrote to memory of 2108	3916	MarioBitcoinMiner2020.exe	74cxYlbiaOZamCP3.exe
PID 3916 wrote to memory of 2108	3916	MarioBitcoinMiner2020.exe	74cxYlbiaOZamCP3.exe
PID 3916 wrote to memory of 2240	3916	MarioBitcoinMiner2020.exe	qTyn0jwlXC8Zlpo2.exe
PID 3916 wrote to memory of 2240	3916	MarioBitcoinMiner2020.exe	qTyn0jwlXC8Zlpo2.exe
PID 3916 wrote to memory of 2240	3916	MarioBitcoinMiner2020.exe	qTyn0jwlXC8Zlpo2.exe
PID 3916 wrote to memory of 2416	3916	MarioBitcoinMiner2020.exe	QkyezzcQ2UfBhEu7.exe
PID 3916 wrote to memory of 2416	3916	MarioBitcoinMiner2020.exe	QkyezzcQ2UfBhEu7.exe
PID 3916 wrote to memory of 2416	3916	MarioBitcoinMiner2020.exe	QkyezzcQ2UfBhEu7.exe
PID 3916 wrote to memory of 2704	3916	MarioBitcoinMiner2020.exe	57XkeEmAUUXGdZbC.exe
PID 3916 wrote to memory of 2704	3916	MarioBitcoinMiner2020.exe	57XkeEmAUUXGdZbC.exe
PID 3916 wrote to memory of 2704	3916	MarioBitcoinMiner2020.exe	57XkeEmAUUXGdZbC.exe

C:\Users\Admin\AppData\Local\Temp\MarioBitcoinMiner2020\MarioBitcoinMiner2020.exe
"C:\Users\Admin\AppData\Local\Temp\MarioBitcoinMiner2020\MarioBitcoinMiner2020.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3916

C:\Users\Admin\AppData\Local\Temp\ZkgLT1kbB04JyQ7r.exe
"C:\Users\Admin\AppData\Local\Temp\ZkgLT1kbB04JyQ7r.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1816

C:\Users\Admin\AppData\Local\Temp\74cxYlbiaOZamCP3.exe
"C:\Users\Admin\AppData\Local\Temp\74cxYlbiaOZamCP3.exe"
2⤵
- Executes dropped EXE
PID:2108

C:\Users\Admin\AppData\Local\Temp\qTyn0jwlXC8Zlpo2.exe
"C:\Users\Admin\AppData\Local\Temp\qTyn0jwlXC8Zlpo2.exe"
2⤵
- Executes dropped EXE
PID:2240

C:\Users\Admin\AppData\Local\Temp\QkyezzcQ2UfBhEu7.exe
"C:\Users\Admin\AppData\Local\Temp\QkyezzcQ2UfBhEu7.exe"
2⤵
- Executes dropped EXE
PID:2416

C:\Users\Admin\AppData\Local\Temp\57XkeEmAUUXGdZbC.exe
"C:\Users\Admin\AppData\Local\Temp\57XkeEmAUUXGdZbC.exe"
2⤵
PID:2704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\

Download Submit
C:\ProgramData\svheosts.exe

Download Submit
C:\ProgramData\svheosts.exe

Download Submit
C:\ProgramData\svhosts.exe

Download Submit
C:\ProgramData\svhosts.exe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\n3zAxquj2Lyo7XO1.exe.log

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\we3zuRTYbjBvN8Hc.exe.log

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D3D1E920-C256-48B5-BBB5-355168917178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Download Submit
C:\Users\Admin\AppData\Local\Temp\053z3ErAh4MmpuPx\svvhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\053z3ErAh4MmpuPx\svvhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\053z3ErAh4MmpuPx\svvhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\053z3ErAh4MmpuPx\svvhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\053z3ErAh4MmpuPx\svvhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\053z3ErAh4MmpuPx\svvhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\57XkeEmAUUXGdZbC.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\57XkeEmAUUXGdZbC.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\5eXXFIp68balN1ij\drivert.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\5eXXFIp68balN1ij\drivert.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\5eXXFIp68balN1ij\drivert.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\74cxYlbiaOZamCP3.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\74cxYlbiaOZamCP3.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\8De02sZap6AXDwZ7.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\8De02sZap6AXDwZ7.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Av01A0OXrp9ZW8oO\svthost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Av01A0OXrp9ZW8oO\svthost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Av01A0OXrp9ZW8oO\svthost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\D6mSrxCg0wEDTBCs.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\D6mSrxCg0wEDTBCs.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMrOILItsozDE8vA.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\EMrOILItsozDE8vA.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Jp2TOBozMrtcMhaS.doc
MD5
c9d6d08f56bbd1d0de27364dd67b5f97

SHA1
19d3bb684eabaef867702d8433f40fe417fa8367

SHA256
38e3e7e1068bd47cacf309bf08b037295a09fbae49c5fbbbe1a7372a9a602cc1

SHA512
09340e5de201ca818e3136d13c5516def1abe49f51be93dc03ec0eea5f4378a66ba234b1514493f661b7fc92dd180976953872e6c98036e7e4313d8e5c0e73d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\M5TALzLs8TdLkNPc.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\M5TALzLs8TdLkNPc.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\QkyezzcQ2UfBhEu7.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\QkyezzcQ2UfBhEu7.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\R5tq4FzRq1qUGF9C\yerewdt.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\R5tq4FzRq1qUGF9C\yerewdt.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\R5tq4FzRq1qUGF9C\yerewdt.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\R5tq4FzRq1qUGF9C\yerewdt.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\UzzczBKf06fCBuYp.doc
MD5
c9d6d08f56bbd1d0de27364dd67b5f97

SHA1
19d3bb684eabaef867702d8433f40fe417fa8367

SHA256
38e3e7e1068bd47cacf309bf08b037295a09fbae49c5fbbbe1a7372a9a602cc1

SHA512
09340e5de201ca818e3136d13c5516def1abe49f51be93dc03ec0eea5f4378a66ba234b1514493f661b7fc92dd180976953872e6c98036e7e4313d8e5c0e73d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZkgLT1kbB04JyQ7r.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZkgLT1kbB04JyQ7r.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bk25zUBH5k11c6Ck.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bk25zUBH5k11c6Ck.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsS272B4IRX0u10S\svnhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsS272B4IRX0u10S\svnhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsS272B4IRX0u10S\svnhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsS272B4IRX0u10S\svnhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsS272B4IRX0u10S\svnhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsS272B4IRX0u10S\svnhost.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\kV5pJRxtvTQLZvIF.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\kV5pJRxtvTQLZvIF.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\n3zAxquj2Lyo7XO1.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\n3zAxquj2Lyo7XO1.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\n3zAxquj2Lyo7XO1.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\n3zAxquj2Lyo7XO1.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\qTyn0jwlXC8Zlpo2.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\qTyn0jwlXC8Zlpo2.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp6CE4.tmp.bat

Download Submit
C:\Users\Admin\AppData\Local\Temp\uPlA27nsCf7sryAH\servicesl.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\uPlA27nsCf7sryAH\servicesl.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\uPlA27nsCf7sryAHur\servicesl.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\uPlA27nsCf7sryAHur\servicesl.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\we3zuRTYbjBvN8Hc.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\we3zuRTYbjBvN8Hc.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\we3zuRTYbjBvN8Hc.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\y32cxKUa5bMf1Qge.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\y32cxKUa5bMf1Qge.exe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Download Submit
C:\Users\Admin\AppData\Roaming\operas.exe

Download Submit
C:\Users\Admin\AppData\Roaming\operas.exe

Download Submit
C:\Users\Admin\Documents\skypew.exe

Download Submit
C:\Users\Admin\Documents\skypew.exe

Download Submit
C:\Users\Admin\Documents\wrars.exe

Download Submit
C:\Users\Admin\Documents\wrars.exe

Download Submit
C:\Windows\svyhost.exe

Download Submit
C:\Windows\svyhost.exe

Download Submit
C:\Windows\svyhost.exe

Download Submit
C:\Windows\system32\drivers\etc\hosts

Download Submit
memory/888-319-0x0000000004760000-0x0000000004761000-memory.dmp

Filesize
4KB

Download
memory/888-322-0x0000000004760000-0x0000000004761000-memory.dmp

Filesize
4KB

Download
memory/888-364-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

Filesize
4KB

Download
memory/1244-246-0x0000000000000000-mapping.dmp

Download
memory/1244-575-0x0000000000000000-mapping.dmp

Download
memory/1244-568-0x0000000000000000-mapping.dmp

Download
memory/1244-573-0x0000000000000000-mapping.dmp

Download
memory/1244-570-0x0000000000000000-mapping.dmp

Download
memory/1244-564-0x0000000000000000-mapping.dmp

Download
memory/1244-544-0x0000000000000000-mapping.dmp

Download
memory/1244-546-0x0000000000000000-mapping.dmp

Download
memory/1244-542-0x0000000000000000-mapping.dmp

Download
memory/1244-539-0x0000000000000000-mapping.dmp

Download
memory/1244-532-0x0000000000000000-mapping.dmp

Download
memory/1244-535-0x0000000000000000-mapping.dmp

Download
memory/1452-123-0x0000000000000000-mapping.dmp

Download
memory/1452-88-0x0000000000000000-mapping.dmp

Download
memory/1452-85-0x0000000000000000-mapping.dmp

Download
memory/1452-87-0x0000000000000000-mapping.dmp

Download
memory/1452-16-0x0000000000000000-mapping.dmp

Download
memory/1452-128-0x0000000000000000-mapping.dmp

Download
memory/1452-130-0x0000000000000000-mapping.dmp

Download
memory/1452-125-0x0000000000000000-mapping.dmp

Download
memory/1452-121-0x0000000000000000-mapping.dmp

Download
memory/1452-90-0x0000000000000000-mapping.dmp

Download
memory/1452-92-0x0000000000000000-mapping.dmp

Download
memory/1452-94-0x0000000000000000-mapping.dmp

Download
memory/1564-28-0x000000000048F888-mapping.dmp

Download
memory/1564-26-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/1564-31-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/1616-643-0x0000000000000000-mapping.dmp

Download
memory/1652-332-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/1652-406-0x0000000005340000-0x0000000005341000-memory.dmp

Filesize
4KB

Download
memory/1816-86-0x0000000000000000-mapping.dmp

Download
memory/1816-81-0x0000000000000000-mapping.dmp

Download
memory/1816-83-0x0000000000000000-mapping.dmp

Download
memory/1816-76-0x0000000000000000-mapping.dmp

Download
memory/1816-194-0x0000000000000000-mapping.dmp

Download
memory/1816-195-0x0000000000000000-mapping.dmp

Download
memory/1816-196-0x0000000000000000-mapping.dmp

Download
memory/1816-197-0x0000000000000000-mapping.dmp

Download
memory/1816-74-0x0000000000000000-mapping.dmp

Download
memory/1816-199-0x0000000000000000-mapping.dmp

Download
memory/1816-0-0x0000000000000000-mapping.dmp

Download
memory/1816-78-0x0000000000000000-mapping.dmp

Download
memory/2108-716-0x0000000000000000-mapping.dmp

Download
memory/2108-714-0x0000000000000000-mapping.dmp

Download
memory/2108-3-0x0000000000000000-mapping.dmp

Download
memory/2108-705-0x0000000000000000-mapping.dmp

Download
memory/2108-706-0x0000000000000000-mapping.dmp

Download
memory/2108-712-0x0000000000000000-mapping.dmp

Download
memory/2108-711-0x0000000000000000-mapping.dmp

Download
memory/2108-708-0x0000000000000000-mapping.dmp

Download
memory/2108-710-0x0000000000000000-mapping.dmp

Download
memory/2152-423-0x0000000000000000-mapping.dmp

Download
memory/2152-428-0x0000000000000000-mapping.dmp

Download
memory/2152-134-0x0000000000000000-mapping.dmp

Download
memory/2152-436-0x0000000000000000-mapping.dmp

Download
memory/2152-201-0x0000000000000000-mapping.dmp

Download
memory/2152-432-0x0000000000000000-mapping.dmp

Download
memory/2152-206-0x0000000000000000-mapping.dmp

Download
memory/2152-205-0x0000000000000000-mapping.dmp

Download
memory/2152-202-0x0000000000000000-mapping.dmp

Download
memory/2152-204-0x0000000000000000-mapping.dmp

Download
memory/2152-203-0x0000000000000000-mapping.dmp

Download
memory/2152-425-0x0000000000000000-mapping.dmp

Download
memory/2216-285-0x0000000000000000-mapping.dmp

Download
memory/2216-313-0x000001F515EE0000-0x000001F516517000-memory.dmp

Filesize
6.2MB

Download
memory/2228-640-0x0000000004390000-0x0000000004391000-memory.dmp

Filesize
4KB

Download
memory/2228-646-0x0000000004C50000-0x0000000004C51000-memory.dmp

Filesize
4KB

Download
memory/2240-115-0x0000000000000000-mapping.dmp

Download
memory/2240-100-0x0000000000000000-mapping.dmp

Download
memory/2240-84-0x0000000000000000-mapping.dmp

Download
memory/2240-108-0x0000000000000000-mapping.dmp

Download
memory/2240-111-0x0000000000000000-mapping.dmp

Download
memory/2240-5-0x0000000000000000-mapping.dmp

Download
memory/2240-75-0x0000000000000000-mapping.dmp

Download
memory/2240-73-0x0000000000000000-mapping.dmp

Download
memory/2240-104-0x0000000000000000-mapping.dmp

Download
memory/2240-82-0x0000000000000000-mapping.dmp

Download
memory/2240-80-0x0000000000000000-mapping.dmp

Download
memory/2240-77-0x0000000000000000-mapping.dmp

Download
memory/2416-7-0x0000000000000000-mapping.dmp

Download
memory/2500-43-0x0000000005280000-0x0000000005281000-memory.dmp

Filesize
4KB

Download
memory/2500-36-0x0000000004730000-0x0000000004731000-memory.dmp

Filesize
4KB

Download
memory/2500-37-0x0000000004730000-0x0000000004731000-memory.dmp

Filesize
4KB

Download
memory/2624-217-0x0000000004730000-0x0000000004731000-memory.dmp

Filesize
4KB

Download
memory/2624-244-0x0000000005260000-0x0000000005261000-memory.dmp

Filesize
4KB

Download
memory/2704-465-0x0000000000000000-mapping.dmp

Download
memory/2704-473-0x0000000000000000-mapping.dmp

Download
memory/2704-471-0x0000000000000000-mapping.dmp

Download
memory/2704-445-0x0000000000000000-mapping.dmp

Download
memory/2704-442-0x0000000000000000-mapping.dmp

Download
memory/2704-439-0x0000000000000000-mapping.dmp

Download
memory/2704-451-0x0000000000000000-mapping.dmp

Download
memory/2704-435-0x0000000000000000-mapping.dmp

Download
memory/2704-483-0x0000000000000000-mapping.dmp

Download
memory/2704-480-0x0000000000000000-mapping.dmp

Download
memory/2704-476-0x0000000000000000-mapping.dmp

Download
memory/2704-10-0x0000000000000000-mapping.dmp

Download
memory/2704-468-0x0000000000000000-mapping.dmp

Download
memory/2704-448-0x0000000000000000-mapping.dmp

Download
memory/2704-431-0x0000000000000000-mapping.dmp

Download
memory/2704-454-0x0000000000000000-mapping.dmp

Download
memory/3456-404-0x0000000001480000-0x000000000148D000-memory.dmp

Filesize
52KB

Download
memory/3456-584-0x000000000A390000-0x000000000A391000-memory.dmp

Filesize
4KB

Download
memory/3456-113-0x0000000001430000-0x000000000144D000-memory.dmp

Filesize
116KB

Download
memory/3456-599-0x000000000D530000-0x000000000D531000-memory.dmp

Filesize
4KB

Download
memory/3456-39-0x0000000006F40000-0x0000000006F82000-memory.dmp

Filesize
264KB

Download
memory/3456-34-0x0000000005420000-0x0000000005421000-memory.dmp

Filesize
4KB

Download
memory/3456-13-0x0000000000000000-mapping.dmp

Download
memory/3456-27-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/3456-25-0x00000000058D0000-0x00000000058D1000-memory.dmp

Filesize
4KB

Download
memory/3456-23-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/3456-19-0x00000000714D0000-0x0000000071BBE000-memory.dmp

Filesize
6.9MB

Download
memory/3660-330-0x0000000000000000-mapping.dmp

Download
memory/3660-323-0x0000000000000000-mapping.dmp

Download
memory/3840-651-0x0000000000000000-mapping.dmp

Download
memory/3840-648-0x0000000000000000-mapping.dmp

Download
memory/3840-652-0x0000000000000000-mapping.dmp

Download
memory/3840-641-0x0000000000000000-mapping.dmp

Download
memory/3840-642-0x0000000000000000-mapping.dmp

Download
memory/3840-644-0x0000000000000000-mapping.dmp

Download
memory/3840-645-0x0000000000000000-mapping.dmp

Download
memory/3840-248-0x0000000000000000-mapping.dmp

Download
memory/3840-647-0x0000000000000000-mapping.dmp

Download
memory/3840-649-0x0000000000000000-mapping.dmp

Download
memory/3840-650-0x0000000000000000-mapping.dmp

Download
memory/3852-260-0x0000000000000000-mapping.dmp

Download
memory/4016-22-0x0000000000000000-mapping.dmp

Download
memory/4016-44-0x0000028139450000-0x0000028139A87000-memory.dmp

Filesize
6.2MB

Download
memory/4040-35-0x0000000000000000-mapping.dmp

Download
memory/4040-33-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/4040-32-0x0000000000000000-mapping.dmp

Download
memory/4048-612-0x0000000000000000-mapping.dmp

Download
memory/4048-627-0x0000000000000000-mapping.dmp

Download
memory/4048-626-0x0000000000000000-mapping.dmp

Download
memory/4048-265-0x0000000000000000-mapping.dmp

Download
memory/4048-611-0x0000000000000000-mapping.dmp

Download
memory/4048-628-0x0000000000000000-mapping.dmp

Download
memory/4048-622-0x0000000000000000-mapping.dmp

Download
memory/4048-610-0x0000000000000000-mapping.dmp

Download
memory/4048-613-0x0000000000000000-mapping.dmp

Download
memory/4048-625-0x0000000000000000-mapping.dmp

Download
memory/4048-614-0x0000000000000000-mapping.dmp

Download
memory/4048-624-0x0000000000000000-mapping.dmp

Download
memory/4048-615-0x0000000000000000-mapping.dmp

Download
memory/4048-623-0x0000000000000000-mapping.dmp

Download
memory/4048-617-0x0000000000000000-mapping.dmp

Download
memory/4048-616-0x0000000000000000-mapping.dmp

Download
memory/4160-386-0x0000000000000000-mapping.dmp

Download
memory/4160-340-0x0000000000000000-mapping.dmp

Download
memory/4160-391-0x0000000000000000-mapping.dmp

Download
memory/4160-336-0x0000000000000000-mapping.dmp

Download
memory/4160-347-0x0000000000000000-mapping.dmp

Download
memory/4160-351-0x0000000000000000-mapping.dmp

Download
memory/4160-344-0x0000000000000000-mapping.dmp

Download
memory/4160-398-0x0000000000000000-mapping.dmp

Download
memory/4160-394-0x0000000000000000-mapping.dmp

Download
memory/4160-382-0x0000000000000000-mapping.dmp

Download
memory/4160-355-0x0000000000000000-mapping.dmp

Download
memory/4160-156-0x0000000000000000-mapping.dmp

Download
memory/4200-371-0x0000000000000000-mapping.dmp

Download
memory/4200-594-0x0000000000000000-mapping.dmp

Download
memory/4200-595-0x0000000000000000-mapping.dmp

Download
memory/4200-380-0x0000000000000000-mapping.dmp

Download
memory/4200-596-0x0000000000000000-mapping.dmp

Download
memory/4200-592-0x0000000000000000-mapping.dmp

Download
memory/4200-597-0x0000000000000000-mapping.dmp

Download
memory/4200-593-0x0000000000000000-mapping.dmp

Download
memory/4200-384-0x0000000000000000-mapping.dmp

Download
memory/4200-357-0x0000000000000000-mapping.dmp

Download
memory/4200-360-0x0000000000000000-mapping.dmp

Download
memory/4200-365-0x0000000000000000-mapping.dmp

Download
memory/4200-374-0x0000000000000000-mapping.dmp

Download
memory/4200-368-0x0000000000000000-mapping.dmp

Download
memory/4200-40-0x0000000000000000-mapping.dmp

Download
memory/4200-377-0x0000000000000000-mapping.dmp

Download
memory/4200-353-0x0000000000000000-mapping.dmp

Download
memory/4200-591-0x0000000000000000-mapping.dmp

Download
memory/4200-588-0x0000000000000000-mapping.dmp

Download
memory/4200-589-0x0000000000000000-mapping.dmp

Download
memory/4200-586-0x0000000000000000-mapping.dmp

Download
memory/4200-388-0x0000000000000000-mapping.dmp

Download
memory/4200-587-0x0000000000000000-mapping.dmp

Download
memory/4200-349-0x0000000000000000-mapping.dmp

Download
memory/4380-48-0x000000000048F888-mapping.dmp

Download
memory/4380-47-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/4380-53-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/4428-50-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/4428-58-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/4428-54-0x000000000046A08C-mapping.dmp

Download
memory/4436-60-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/4436-52-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/4436-55-0x0000000000405CE2-mapping.dmp

Download
memory/4488-191-0x0000000000405CE2-mapping.dmp

Download
memory/4524-65-0x0000000004390000-0x0000000004391000-memory.dmp

Filesize
4KB

Download
memory/4524-89-0x0000000004C10000-0x0000000004C11000-memory.dmp

Filesize
4KB

Download
memory/4532-66-0x0000000004A50000-0x0000000004A51000-memory.dmp

Filesize
4KB

Download
memory/4532-93-0x00000000053B0000-0x00000000053B1000-memory.dmp

Filesize
4KB

Download
memory/4584-67-0x0000000000000000-mapping.dmp

Download
memory/4584-63-0x0000000000000000-mapping.dmp

Download
memory/4612-270-0x0000000000000000-mapping.dmp

Download
memory/4612-280-0x00000000714D0000-0x0000000071BBE000-memory.dmp

Filesize
6.9MB

Download
memory/4628-225-0x0000000000000000-mapping.dmp

Download
memory/4628-222-0x0000000000D70000-0x0000000000D71000-memory.dmp

Filesize
4KB

Download
memory/4628-220-0x0000000000000000-mapping.dmp

Download
memory/4660-70-0x000000000042852E-mapping.dmp

Download
memory/4660-69-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4660-72-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4684-551-0x0000000000000000-mapping.dmp

Download
memory/4684-585-0x0000000000000000-mapping.dmp

Download
memory/4684-275-0x0000000000000000-mapping.dmp

Download
memory/4684-561-0x0000000000000000-mapping.dmp

Download
memory/4684-549-0x0000000000000000-mapping.dmp

Download
memory/4684-555-0x0000000000000000-mapping.dmp

Download
memory/4684-558-0x0000000000000000-mapping.dmp

Download
memory/4684-579-0x0000000000000000-mapping.dmp

Download
memory/4684-547-0x0000000000000000-mapping.dmp

Download
memory/4684-582-0x0000000000000000-mapping.dmp

Download
memory/4684-581-0x0000000000000000-mapping.dmp

Download
memory/4684-583-0x0000000000000000-mapping.dmp

Download
memory/4704-307-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/4704-299-0x000000000048F888-mapping.dmp

Download
memory/4720-209-0x000000000048F888-mapping.dmp

Download
memory/4720-212-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/4744-79-0x0000000004390000-0x0000000004391000-memory.dmp

Filesize
4KB

Download
memory/4744-99-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download
memory/4836-527-0x0000000000000000-mapping.dmp

Download
memory/4836-514-0x0000000000000000-mapping.dmp

Download
memory/4836-254-0x0000000000000000-mapping.dmp

Download
memory/4836-517-0x0000000000000000-mapping.dmp

Download
memory/4836-520-0x0000000000000000-mapping.dmp

Download
memory/4836-524-0x0000000000000000-mapping.dmp

Download
memory/4836-529-0x0000000000000000-mapping.dmp

Download
memory/4836-565-0x0000000000000000-mapping.dmp

Download
memory/4836-562-0x0000000000000000-mapping.dmp

Download
memory/4836-556-0x0000000000000000-mapping.dmp

Download
memory/4836-553-0x0000000000000000-mapping.dmp

Download
memory/4836-559-0x0000000000000000-mapping.dmp

Download
memory/4908-239-0x0000000000000000-mapping.dmp

Download
memory/4908-474-0x0000000000000000-mapping.dmp

Download
memory/4908-97-0x0000000000000000-mapping.dmp

Download
memory/4908-484-0x0000000000000000-mapping.dmp

Download
memory/4908-477-0x0000000000000000-mapping.dmp

Download
memory/4908-230-0x0000000000000000-mapping.dmp

Download
memory/4908-464-0x0000000000000000-mapping.dmp

Download
memory/4908-470-0x0000000000000000-mapping.dmp

Download
memory/4908-228-0x0000000000000000-mapping.dmp

Download
memory/4908-235-0x0000000000000000-mapping.dmp

Download
memory/4908-481-0x0000000000000000-mapping.dmp

Download
memory/4908-237-0x0000000000000000-mapping.dmp

Download
memory/4908-232-0x0000000000000000-mapping.dmp

Download
memory/4908-467-0x0000000000000000-mapping.dmp

Download
memory/4920-198-0x0000000004760000-0x0000000004761000-memory.dmp

Filesize
4KB

Download
memory/4920-213-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/4988-297-0x000000000042852E-mapping.dmp

Download
memory/5048-223-0x0000000000DC0000-0x0000000000DC1000-memory.dmp

Filesize
4KB

Download
memory/5048-226-0x0000000000000000-mapping.dmp

Download
memory/5048-208-0x0000000000000000-mapping.dmp

Download
memory/5076-603-0x000000000040715C-mapping.dmp

Download
memory/5220-403-0x000000000040715C-mapping.dmp

Download
memory/5220-397-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/5220-410-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/5300-600-0x0000000000000000-mapping.dmp

Download
memory/5364-421-0x0000000004B60000-0x0000000004B61000-memory.dmp

Filesize
4KB

Download
memory/5364-460-0x00000000056D0000-0x00000000056D1000-memory.dmp

Filesize
4KB

Download
memory/5392-656-0x0000000000000000-mapping.dmp

Download
memory/5400-661-0x0000000000000000-mapping.dmp

Download
memory/5400-660-0x0000000000000000-mapping.dmp

Download
memory/5400-664-0x00000000714D0000-0x0000000071BBE000-memory.dmp

Filesize
6.9MB

Download
memory/5612-609-0x0000000004390000-0x0000000004391000-memory.dmp

Filesize
4KB

Download
memory/5612-606-0x0000000004390000-0x0000000004391000-memory.dmp

Filesize
4KB

Download
memory/5612-618-0x0000000004C70000-0x0000000004C71000-memory.dmp

Filesize
4KB

Download
memory/5688-709-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/5688-702-0x00000000046C0000-0x00000000046C1000-memory.dmp

Filesize
4KB

Download
memory/5760-492-0x000000000048F888-mapping.dmp

Download
memory/5776-497-0x000000000046A08C-mapping.dmp

Download
memory/5776-500-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/5832-505-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/5832-533-0x00000000055B0000-0x00000000055B1000-memory.dmp

Filesize
4KB

Download
memory/5848-635-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/5848-639-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/5848-636-0x0000000000405CE2-mapping.dmp

Download
memory/5896-509-0x0000000000405CE2-mapping.dmp

Download
memory/5972-699-0x0000000000405CE2-mapping.dmp

Download
memory/5976-519-0x000000000042852E-mapping.dmp

Download
memory/6004-552-0x0000000005560000-0x0000000005561000-memory.dmp

Filesize
4KB

Download
memory/6004-526-0x0000000004980000-0x0000000004981000-memory.dmp

Filesize
4KB

Download
memory/6016-631-0x0000000000000000-mapping.dmp

Download
memory/6040-679-0x0000000007F50000-0x0000000007F51000-memory.dmp

Filesize
4KB

Download
memory/6040-677-0x0000000007D20000-0x0000000007D21000-memory.dmp

Filesize
4KB

Download
memory/6040-693-0x0000000009270000-0x0000000009271000-memory.dmp

Filesize
4KB

Download
memory/6040-694-0x00000000094E0000-0x00000000094E1000-memory.dmp

Filesize
4KB

Download
memory/6040-695-0x00000000098B0000-0x00000000098B1000-memory.dmp

Filesize
4KB

Download
memory/6040-682-0x00000000085A0000-0x00000000085A1000-memory.dmp

Filesize
4KB

Download
memory/6040-681-0x0000000008710000-0x0000000008711000-memory.dmp

Filesize
4KB

Download
memory/6040-680-0x0000000007CE0000-0x0000000007CE1000-memory.dmp

Filesize
4KB

Download
memory/6040-655-0x0000000000000000-mapping.dmp

Download
memory/6040-686-0x00000000093B0000-0x00000000093E3000-memory.dmp

Filesize
204KB

Download
memory/6040-717-0x00000000097B0000-0x00000000097B1000-memory.dmp

Filesize
4KB

Download
memory/6040-675-0x0000000007530000-0x0000000007531000-memory.dmp

Filesize
4KB

Download
memory/6040-671-0x0000000007680000-0x0000000007681000-memory.dmp

Filesize
4KB

Download
memory/6040-668-0x0000000004AE0000-0x0000000004AE1000-memory.dmp

Filesize
4KB

Download
memory/6040-665-0x00000000714D0000-0x0000000071BBE000-memory.dmp

Filesize
6.9MB

Download
memory/6040-713-0x00000000097C0000-0x00000000097C1000-memory.dmp

Filesize
4KB

Download
memory/6048-632-0x0000000000000000-mapping.dmp

Download
memory/6092-536-0x0000000004860000-0x0000000004861000-memory.dmp

Filesize
4KB

Download
memory/6092-571-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download