agenttesla | 381768716f30918b472bb41e9aca29d1b01643ec1892545453d104f03bc2a612

Analysis

max time kernel
100s
max time network
119s
platform
windows7_x64
resource
win7v20201028
submitted
26-02-2021 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

INVOICE-0899877.jar
Size

1.0MB
MD5

69177a6a0ac1953b7fe870f44d0b08b5
SHA1

050090f180f571711def0706a23e32a715ec5be5
SHA256

381768716f30918b472bb41e9aca29d1b01643ec1892545453d104f03bc2a612
SHA512

b03921f0e1ad1df192b6c85663fdcb22700808829c02356ee9a82623267553b77b974f14bdf710b4fd523ccee97c0d31cae9fcf0989c85712f65e607e7a665dd

Score

10^/10

agenttesla snakekeylogger keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.potagrup.com
Port:
587
Username:
[email protected]
Password:
Pgrup@2021

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
stealer keylogger snakekeylogger

Snake Keylogger Payload 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/528-22-0x0000000000400000-0x00000000004D3000-memory.dmp	family_snakekeylogger
behavioral1/memory/528-35-0x0000000000400000-0x00000000004D3000-memory.dmp	family_snakekeylogger
\Users\Admin\AppData\Local\Temp\PGRUP SNAKE2021.exe	family_snakekeylogger
C:\Users\Admin\AppData\Local\Temp\PGRUP SNAKE2021.exe	family_snakekeylogger
C:\Users\Admin\AppData\Local\Temp\PGRUP SNAKE2021.exe	family_snakekeylogger

AgentTesla Payload 11 IoCs

Processes:

resource	yara_rule
behavioral1/memory/528-22-0x0000000000400000-0x00000000004D3000-memory.dmp	family_agenttesla
behavioral1/memory/528-23-0x000000000040104C-mapping.dmp	family_agenttesla
\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe	family_agenttesla
\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe	family_agenttesla
C:\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe	family_agenttesla
\Users\Admin\AppData\Local\Temp\0RIGIN 4.0.exe	family_agenttesla
behavioral1/memory/528-35-0x0000000000400000-0x00000000004D3000-memory.dmp	family_agenttesla
C:\Users\Admin\AppData\Local\Temp\0RIGIN 4.0.exe	family_agenttesla
C:\Users\Admin\AppData\Local\Temp\0RIGIN 4.0.exe	family_agenttesla
C:\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe	family_agenttesla
\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe	family_agenttesla

Beds Protector Packer 1 IoCs

Detects Beds Protector packer used to load .NET malware.

Processes:

resource	yara_rule
behavioral1/memory/1544-10-0x00000000048F0000-0x00000000049F3000-memory.dmp	beds_protector

Executes dropped EXE 5 IoCs

Processes:

cb1M.execb1M.exe0RIGIN 2.0.exe0RIGIN 4.0.exePGRUP SNAKE2021.exe

pid process

1544 cb1M.exe
528 cb1M.exe
272 0RIGIN 2.0.exe
1064 0RIGIN 4.0.exe
476 PGRUP SNAKE2021.exe

pid	process
1544	cb1M.exe
528	cb1M.exe
272	0RIGIN 2.0.exe
1064	0RIGIN 4.0.exe
476	PGRUP SNAKE2021.exe

Drops startup file 2 IoCs

Processes:

Powershell.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Drivers.exe	Powershell.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Drivers.exe	Powershell.exe

Loads dropped DLL 6 IoCs

Processes:

cb1M.execb1M.exedw20.exe

pid process

1544 cb1M.exe
528 cb1M.exe
528 cb1M.exe
528 cb1M.exe
528 cb1M.exe
1908 dw20.exe
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

4 checkip.dyndns.org
9 freegeoip.app
10 freegeoip.app
Suspicious use of SetThreadContext 1 IoCs

Processes:

cb1M.exe

description pid process target process

PID 1544 set thread context of 528 1544 cb1M.exe cb1M.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

Powershell.exePGRUP SNAKE2021.exe0RIGIN 4.0.exe0RIGIN 2.0.exe

pid process

1752 Powershell.exe
1752 Powershell.exe
476 PGRUP SNAKE2021.exe
1064 0RIGIN 4.0.exe
1064 0RIGIN 4.0.exe
272 0RIGIN 2.0.exe
272 0RIGIN 2.0.exe

pid	process
1544	cb1M.exe
528	cb1M.exe
528	cb1M.exe
528	cb1M.exe
528	cb1M.exe
1908	dw20.exe

flow	ioc
4	checkip.dyndns.org
9	freegeoip.app
10	freegeoip.app

description	pid	process	target process
PID 1544 set thread context of 528	1544	cb1M.exe	cb1M.exe

pid	process
1752	Powershell.exe
1752	Powershell.exe
476	PGRUP SNAKE2021.exe
1064	0RIGIN 4.0.exe
1064	0RIGIN 4.0.exe
272	0RIGIN 2.0.exe
272	0RIGIN 2.0.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

Powershell.exePGRUP SNAKE2021.exe0RIGIN 4.0.exe0RIGIN 2.0.exe

description	pid	process
Token: SeDebugPrivilege	1752	Powershell.exe
Token: SeDebugPrivilege	476	PGRUP SNAKE2021.exe
Token: SeDebugPrivilege	1064	0RIGIN 4.0.exe
Token: SeDebugPrivilege	272	0RIGIN 2.0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

java.execb1M.exe

pid process

1932 java.exe
528 cb1M.exe

pid	process
1932	java.exe
528	cb1M.exe

Suspicious use of WriteProcessMemory 32 IoCs

Processes:

java.execb1M.execb1M.exe0RIGIN 2.0.exe

description	pid	process	target process
PID 1932 wrote to memory of 1544	1932	java.exe	cb1M.exe
PID 1932 wrote to memory of 1544	1932	java.exe	cb1M.exe
PID 1932 wrote to memory of 1544	1932	java.exe	cb1M.exe
PID 1932 wrote to memory of 1544	1932	java.exe	cb1M.exe
PID 1544 wrote to memory of 1752	1544	cb1M.exe	Powershell.exe
PID 1544 wrote to memory of 1752	1544	cb1M.exe	Powershell.exe
PID 1544 wrote to memory of 1752	1544	cb1M.exe	Powershell.exe
PID 1544 wrote to memory of 1752	1544	cb1M.exe	Powershell.exe
PID 1544 wrote to memory of 528	1544	cb1M.exe	cb1M.exe
PID 1544 wrote to memory of 528	1544	cb1M.exe	cb1M.exe
PID 1544 wrote to memory of 528	1544	cb1M.exe	cb1M.exe
PID 1544 wrote to memory of 528	1544	cb1M.exe	cb1M.exe
PID 1544 wrote to memory of 528	1544	cb1M.exe	cb1M.exe
PID 1544 wrote to memory of 528	1544	cb1M.exe	cb1M.exe
PID 1544 wrote to memory of 528	1544	cb1M.exe	cb1M.exe
PID 1544 wrote to memory of 528	1544	cb1M.exe	cb1M.exe
PID 528 wrote to memory of 272	528	cb1M.exe	0RIGIN 2.0.exe
PID 528 wrote to memory of 272	528	cb1M.exe	0RIGIN 2.0.exe
PID 528 wrote to memory of 272	528	cb1M.exe	0RIGIN 2.0.exe
PID 528 wrote to memory of 272	528	cb1M.exe	0RIGIN 2.0.exe
PID 528 wrote to memory of 1064	528	cb1M.exe	0RIGIN 4.0.exe
PID 528 wrote to memory of 1064	528	cb1M.exe	0RIGIN 4.0.exe
PID 528 wrote to memory of 1064	528	cb1M.exe	0RIGIN 4.0.exe
PID 528 wrote to memory of 1064	528	cb1M.exe	0RIGIN 4.0.exe
PID 528 wrote to memory of 476	528	cb1M.exe	PGRUP SNAKE2021.exe
PID 528 wrote to memory of 476	528	cb1M.exe	PGRUP SNAKE2021.exe
PID 528 wrote to memory of 476	528	cb1M.exe	PGRUP SNAKE2021.exe
PID 528 wrote to memory of 476	528	cb1M.exe	PGRUP SNAKE2021.exe
PID 272 wrote to memory of 1908	272	0RIGIN 2.0.exe	dw20.exe
PID 272 wrote to memory of 1908	272	0RIGIN 2.0.exe	dw20.exe
PID 272 wrote to memory of 1908	272	0RIGIN 2.0.exe	dw20.exe
PID 272 wrote to memory of 1908	272	0RIGIN 2.0.exe	dw20.exe

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\INVOICE-0899877.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932

C:\Users\Admin\cb1M.exe
C:\Users\Admin\cb1M.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1544

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
"Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\Admin\cb1M.exe' 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Drivers.exe'
3⤵
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1752

C:\Users\Admin\cb1M.exe
"C:\Users\Admin\cb1M.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:528

C:\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe" 0
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:272

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 520
5⤵
- Loads dropped DLL
PID:1908

C:\Users\Admin\AppData\Local\Temp\0RIGIN 4.0.exe
"C:\Users\Admin\AppData\Local\Temp\0RIGIN 4.0.exe" 0
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1064

C:\Users\Admin\AppData\Local\Temp\PGRUP SNAKE2021.exe
"C:\Users\Admin\AppData\Local\Temp\PGRUP SNAKE2021.exe" 0
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:476

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe
MD5
83f896eba915c6fcd3fd1913a39b9915

SHA1
b17a0b610fec952f3669aedc8e46a2400bdb1787

SHA256
18c57360035b052fd617a5762fb35a9299f7428e6c331fd7b4c08f4d7ec8ecb9

SHA512
f09a6c62fda5dedda7c8f0dda94bdcb7c6e0a2d2a511846907e1dc3db1a72269ca7163a1c90b2a94033817abcd4ccce11854c3a65e1799865df0f1cb76a60a74

Download Submit
C:\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe
MD5
83f896eba915c6fcd3fd1913a39b9915

SHA1
b17a0b610fec952f3669aedc8e46a2400bdb1787

SHA256
18c57360035b052fd617a5762fb35a9299f7428e6c331fd7b4c08f4d7ec8ecb9

SHA512
f09a6c62fda5dedda7c8f0dda94bdcb7c6e0a2d2a511846907e1dc3db1a72269ca7163a1c90b2a94033817abcd4ccce11854c3a65e1799865df0f1cb76a60a74

Download Submit
C:\Users\Admin\AppData\Local\Temp\0RIGIN 4.0.exe
MD5
bbc8f515c647cd3763f1586e15b5ead6

SHA1
8ade922f0dd917c53e5ca68e45cf5201d9a2a43b

SHA256
9a4820e61cb98fce467a1510ad20e9f11af4c4e3c8745695f008d72599a47813

SHA512
d4b56b5241725358ff1a0dd4efe26317b6b64e0c9f8184aeb84ed23bafc7a25821e9ff30f69442d112f88e636d5e4c7125a72211241ea1fc1281a4f0df5468aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\0RIGIN 4.0.exe
MD5
bbc8f515c647cd3763f1586e15b5ead6

SHA1
8ade922f0dd917c53e5ca68e45cf5201d9a2a43b

SHA256
9a4820e61cb98fce467a1510ad20e9f11af4c4e3c8745695f008d72599a47813

SHA512
d4b56b5241725358ff1a0dd4efe26317b6b64e0c9f8184aeb84ed23bafc7a25821e9ff30f69442d112f88e636d5e4c7125a72211241ea1fc1281a4f0df5468aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\PGRUP SNAKE2021.exe
MD5
384c7a048993884b24056406e9226729

SHA1
d5d87c41c862e3b74e9ba8eb0bb2147668815c44

SHA256
eebf27101a97ad89df8e932c8003954b7e5ee6e9f4dca5e0880751d110946f35

SHA512
82fa49fc72df3f163855d2df103172be974fa6fc9f78b9b4192d66732ac48b21622663bed85f043a3e6c998326f28c7c43fb6fd3be5a25c951faf03172b28857

Download Submit
C:\Users\Admin\AppData\Local\Temp\PGRUP SNAKE2021.exe
MD5
384c7a048993884b24056406e9226729

SHA1
d5d87c41c862e3b74e9ba8eb0bb2147668815c44

SHA256
eebf27101a97ad89df8e932c8003954b7e5ee6e9f4dca5e0880751d110946f35

SHA512
82fa49fc72df3f163855d2df103172be974fa6fc9f78b9b4192d66732ac48b21622663bed85f043a3e6c998326f28c7c43fb6fd3be5a25c951faf03172b28857

Download Submit
C:\Users\Admin\cb1M.exe
MD5
97aa8299f3eae737008853b62609dc53

SHA1
33d2ad2819f64bd616f8a0a8964c582efdaeb25b

SHA256
3cd722ce7162ece3b9e69d6482a1e26c80fb0435bce8a13ab787a8b61ecf8cac

SHA512
630c09e8d1ffcc208f5338fa8eec082617ab270b7a18b5bc12ceac2bd10a56e157970417359af1f76d8184650c881108029419acb31d6077f6976c4afe99c391

Download Submit
C:\Users\Admin\cb1M.exe
MD5
97aa8299f3eae737008853b62609dc53

SHA1
33d2ad2819f64bd616f8a0a8964c582efdaeb25b

SHA256
3cd722ce7162ece3b9e69d6482a1e26c80fb0435bce8a13ab787a8b61ecf8cac

SHA512
630c09e8d1ffcc208f5338fa8eec082617ab270b7a18b5bc12ceac2bd10a56e157970417359af1f76d8184650c881108029419acb31d6077f6976c4afe99c391

Download Submit
C:\Users\Admin\cb1M.exe
MD5
97aa8299f3eae737008853b62609dc53

SHA1
33d2ad2819f64bd616f8a0a8964c582efdaeb25b

SHA256
3cd722ce7162ece3b9e69d6482a1e26c80fb0435bce8a13ab787a8b61ecf8cac

SHA512
630c09e8d1ffcc208f5338fa8eec082617ab270b7a18b5bc12ceac2bd10a56e157970417359af1f76d8184650c881108029419acb31d6077f6976c4afe99c391

Download Submit
\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe
MD5
83f896eba915c6fcd3fd1913a39b9915

SHA1
b17a0b610fec952f3669aedc8e46a2400bdb1787

SHA256
18c57360035b052fd617a5762fb35a9299f7428e6c331fd7b4c08f4d7ec8ecb9

SHA512
f09a6c62fda5dedda7c8f0dda94bdcb7c6e0a2d2a511846907e1dc3db1a72269ca7163a1c90b2a94033817abcd4ccce11854c3a65e1799865df0f1cb76a60a74

Download Submit
\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe
MD5
83f896eba915c6fcd3fd1913a39b9915

SHA1
b17a0b610fec952f3669aedc8e46a2400bdb1787

SHA256
18c57360035b052fd617a5762fb35a9299f7428e6c331fd7b4c08f4d7ec8ecb9

SHA512
f09a6c62fda5dedda7c8f0dda94bdcb7c6e0a2d2a511846907e1dc3db1a72269ca7163a1c90b2a94033817abcd4ccce11854c3a65e1799865df0f1cb76a60a74

Download Submit
\Users\Admin\AppData\Local\Temp\0RIGIN 2.0.exe
MD5
83f896eba915c6fcd3fd1913a39b9915

SHA1
b17a0b610fec952f3669aedc8e46a2400bdb1787

SHA256
18c57360035b052fd617a5762fb35a9299f7428e6c331fd7b4c08f4d7ec8ecb9

SHA512
f09a6c62fda5dedda7c8f0dda94bdcb7c6e0a2d2a511846907e1dc3db1a72269ca7163a1c90b2a94033817abcd4ccce11854c3a65e1799865df0f1cb76a60a74

Download Submit
\Users\Admin\AppData\Local\Temp\0RIGIN 4.0.exe
MD5
bbc8f515c647cd3763f1586e15b5ead6

SHA1
8ade922f0dd917c53e5ca68e45cf5201d9a2a43b

SHA256
9a4820e61cb98fce467a1510ad20e9f11af4c4e3c8745695f008d72599a47813

SHA512
d4b56b5241725358ff1a0dd4efe26317b6b64e0c9f8184aeb84ed23bafc7a25821e9ff30f69442d112f88e636d5e4c7125a72211241ea1fc1281a4f0df5468aa

Download Submit
\Users\Admin\AppData\Local\Temp\PGRUP SNAKE2021.exe
MD5
384c7a048993884b24056406e9226729

SHA1
d5d87c41c862e3b74e9ba8eb0bb2147668815c44

SHA256
eebf27101a97ad89df8e932c8003954b7e5ee6e9f4dca5e0880751d110946f35

SHA512
82fa49fc72df3f163855d2df103172be974fa6fc9f78b9b4192d66732ac48b21622663bed85f043a3e6c998326f28c7c43fb6fd3be5a25c951faf03172b28857

Download Submit
\Users\Admin\cb1M.exe
MD5
97aa8299f3eae737008853b62609dc53

SHA1
33d2ad2819f64bd616f8a0a8964c582efdaeb25b

SHA256
3cd722ce7162ece3b9e69d6482a1e26c80fb0435bce8a13ab787a8b61ecf8cac

SHA512
630c09e8d1ffcc208f5338fa8eec082617ab270b7a18b5bc12ceac2bd10a56e157970417359af1f76d8184650c881108029419acb31d6077f6976c4afe99c391

Download Submit
memory/272-37-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

Filesize
4KB

Download
memory/272-30-0x0000000000000000-mapping.dmp

Download
memory/476-47-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/476-52-0x0000000004980000-0x0000000004981000-memory.dmp

Filesize
4KB

Download
memory/476-45-0x0000000072A30000-0x000000007311E000-memory.dmp

Filesize
6.9MB

Download
memory/476-39-0x0000000000000000-mapping.dmp

Download
memory/528-22-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/528-23-0x000000000040104C-mapping.dmp

Download
memory/528-35-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1064-42-0x0000000072A30000-0x000000007311E000-memory.dmp

Filesize
6.9MB

Download
memory/1064-76-0x0000000004921000-0x0000000004922000-memory.dmp

Filesize
4KB

Download
memory/1064-51-0x0000000004920000-0x0000000004921000-memory.dmp

Filesize
4KB

Download
memory/1064-46-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/1064-34-0x0000000000000000-mapping.dmp

Download
memory/1188-57-0x000007FEF5BC0000-0x000007FEF5E3A000-memory.dmp

Filesize
2.5MB

Download
memory/1544-7-0x0000000072A30000-0x000000007311E000-memory.dmp

Filesize
6.9MB

Download
memory/1544-20-0x00000000003B0000-0x00000000003BF000-memory.dmp

Filesize
60KB

Download
memory/1544-16-0x0000000004AA0000-0x0000000004AA1000-memory.dmp

Filesize
4KB

Download
memory/1544-4-0x0000000000000000-mapping.dmp

Download
memory/1544-10-0x00000000048F0000-0x00000000049F3000-memory.dmp

Filesize
1.0MB

Download
memory/1544-8-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/1752-18-0x00000000048C2000-0x00000000048C3000-memory.dmp

Filesize
4KB

Download
memory/1752-61-0x000000007EF30000-0x000000007EF31000-memory.dmp

Filesize
4KB

Download
memory/1752-14-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/1752-15-0x0000000004900000-0x0000000004901000-memory.dmp

Filesize
4KB

Download
memory/1752-19-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/1752-50-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/1752-17-0x00000000048C0000-0x00000000048C1000-memory.dmp

Filesize
4KB

Download
memory/1752-11-0x0000000000000000-mapping.dmp

Download
memory/1752-55-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/1752-13-0x0000000072A30000-0x000000007311E000-memory.dmp

Filesize
6.9MB

Download
memory/1752-62-0x00000000056B0000-0x00000000056B1000-memory.dmp

Filesize
4KB

Download
memory/1752-63-0x0000000006210000-0x0000000006211000-memory.dmp

Filesize
4KB

Download
memory/1752-12-0x00000000750C1000-0x00000000750C3000-memory.dmp

Filesize
8KB

Download
memory/1752-70-0x00000000061B0000-0x00000000061B1000-memory.dmp

Filesize
4KB

Download
memory/1908-71-0x0000000000000000-mapping.dmp

Download
memory/1908-72-0x0000000001F40000-0x0000000001F51000-memory.dmp

Filesize
68KB

Download
memory/1908-75-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/1932-3-0x0000000002120000-0x0000000002390000-memory.dmp

Filesize
2.4MB

Download
memory/1932-2-0x000007FEFB541000-0x000007FEFB543000-memory.dmp

Filesize
8KB

Download