5fd9a8605221ee520a11865a5b07c9b37c894acb8e38a2965fb3f31d02bdeedc

Target

2020_21_S2_A2.exe
Size

75KB
MD5

603638e373770eab32b41fac447754e8
SHA1

fcec650c8784dfeb08e868c08be347f9d4d9a53b
SHA256

5fd9a8605221ee520a11865a5b07c9b37c894acb8e38a2965fb3f31d02bdeedc
SHA512

d83d7062aedb4eb77642aa91fb20c7159e403b87ea6de9c2487bec3739f2eac1dc86d40debca66cb9d93a71d43cd0869c2efbe7cf28deae9634add6387d3234b

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

FKGUMXYT.exe

pid process

1940 FKGUMXYT.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

pid	process
1940	FKGUMXYT.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

FKGUMXYT.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update = "C:\\FKGUMXYT.exe"	FKGUMXYT.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

chrome.exechrome.exe

pid process

2040 chrome.exe
2028 chrome.exe
2028 chrome.exe
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

chrome.exe

pid process

2028 chrome.exe
2028 chrome.exe
2028 chrome.exe

pid	process
2040	chrome.exe
2028	chrome.exe
2028	chrome.exe

pid	process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2020_21_S2_A2.exechrome.exe

description	pid	process	target process
PID 1424 wrote to memory of 1940	1424	2020_21_S2_A2.exe	FKGUMXYT.exe
PID 1424 wrote to memory of 1940	1424	2020_21_S2_A2.exe	FKGUMXYT.exe
PID 1424 wrote to memory of 1940	1424	2020_21_S2_A2.exe	FKGUMXYT.exe
PID 1424 wrote to memory of 1940	1424	2020_21_S2_A2.exe	FKGUMXYT.exe
PID 2028 wrote to memory of 1324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1236	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2040	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2040	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2040	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1636	2028	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\2020_21_S2_A2.exe
"C:\Users\Admin\AppData\Local\Temp\2020_21_S2_A2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1424

C:\FKGUMXYT.exe
"C:\FKGUMXYT.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6776e00,0x7fef6776e10,0x7fef6776e20
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1092 /prefetch:2
2⤵
PID:1236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1212 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
2⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
2⤵
PID:688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
2⤵
PID:308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3112 /prefetch:2
2⤵
PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3400 /prefetch:8
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1072,10961675929005954931,12553499568021767876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3332 /prefetch:8
2⤵
PID:2512

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FKGUMXYT.exe
MD5
603638e373770eab32b41fac447754e8

SHA1
fcec650c8784dfeb08e868c08be347f9d4d9a53b

SHA256
5fd9a8605221ee520a11865a5b07c9b37c894acb8e38a2965fb3f31d02bdeedc

SHA512
d83d7062aedb4eb77642aa91fb20c7159e403b87ea6de9c2487bec3739f2eac1dc86d40debca66cb9d93a71d43cd0869c2efbe7cf28deae9634add6387d3234b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
MD5
8c4a2295377ff280245308d49a909662

SHA1
8d4fe952115f2670d2070ae185c263c08eafe325

SHA256
afc4e78afd0d102ff3b1f5b16ff63442b0001ca2fc383bf77040380cbd2ef409

SHA512
32ef0a035a94f89bb7b09359ac93981b47bb78d5cdd940b414524b1548f3ca2b473fa052eff8a1933b731d8f224e09e15c421e17c2fb4b560a60142bd72f4a03

Download Submit
\??\pipe\crashpad_2028_ZSGTTROBOFNOGIMO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/308-171-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-169-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-195-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-184-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-185-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-196-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-173-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-197-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-198-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-199-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-31-0x0000000000000000-mapping.dmp

Download
memory/308-186-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-200-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-201-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-193-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-166-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-45-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-47-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-49-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-48-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-46-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-167-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-59-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-72-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-168-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-174-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-172-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-183-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-170-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-187-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-194-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-175-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-176-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-177-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-178-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-179-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-180-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-181-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-211-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-182-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-210-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-209-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-208-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-207-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-206-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-205-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-204-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-203-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-202-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-190-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-189-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/308-188-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/396-6-0x000007FEF74A0000-0x000007FEF771A000-memory.dmp

Filesize
2.5MB

Download
memory/524-34-0x0000000000000000-mapping.dmp

Download
memory/688-21-0x0000000000000000-mapping.dmp

Download
memory/1208-17-0x0000000000000000-mapping.dmp

Download
memory/1236-10-0x0000000000000000-mapping.dmp

Download
memory/1236-12-0x00000000771D0000-0x00000000771D1000-memory.dmp

Filesize
4KB

Download
memory/1324-7-0x0000000000000000-mapping.dmp

Download
memory/1420-146-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-148-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-27-0x0000000000000000-mapping.dmp

Download
memory/1420-123-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-124-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-125-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-126-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-127-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-128-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-129-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-130-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-131-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-132-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-133-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-134-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-191-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-135-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-43-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-165-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-164-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-163-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-162-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-161-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-160-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-159-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-158-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-157-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-156-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-155-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-154-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-153-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-152-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-151-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-150-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-149-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-136-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-147-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-42-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-145-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-144-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-143-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-142-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-141-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-140-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-139-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-138-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1420-137-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1424-2-0x0000000075BF1000-0x0000000075BF3000-memory.dmp

Filesize
8KB

Download
memory/1636-219-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-226-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-217-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-225-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-224-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-223-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-222-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-221-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-216-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-228-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-233-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-227-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-220-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-215-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-229-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-218-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-214-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-230-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-231-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1636-15-0x0000000000000000-mapping.dmp

Download
memory/1636-232-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1844-37-0x0000000000000000-mapping.dmp

Download
memory/1884-107-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-87-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-86-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-85-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-84-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-83-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-82-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-81-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-80-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-79-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-78-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-88-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-89-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-90-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-91-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-92-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-93-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-95-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-96-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-97-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-98-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-99-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-100-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-101-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-102-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-103-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-104-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-105-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-106-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-108-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-109-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-110-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-111-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-112-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-113-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-114-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-115-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-116-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-117-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-118-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-119-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-121-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-120-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-94-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-61-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1884-23-0x0000000000000000-mapping.dmp

Download
memory/1940-3-0x0000000000000000-mapping.dmp

Download
memory/2028-28-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/2040-11-0x0000000000000000-mapping.dmp

Download
memory/2228-40-0x0000000000000000-mapping.dmp

Download
memory/2512-235-0x0000000000000000-mapping.dmp

Download