3d05fee7a89dfce1ad029562fa7b84346bce12d932214cde9b26f266d53ce49c

Analysis

max time kernel
131s
max time network
179s
platform
windows7_x64
resource
win7v20210410
submitted
10-06-2021 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d2f33da036cf7945401ec14ae9ff6ca.exe
Size

568KB
MD5

2d2f33da036cf7945401ec14ae9ff6ca
SHA1

411a5706daf68e47dd828af8c2616d67420b7a94
SHA256

3d05fee7a89dfce1ad029562fa7b84346bce12d932214cde9b26f266d53ce49c
SHA512

77ef687b29f74735eb652277cbc16b646cd0c14e0b2290eb05a9b5b9556b5f41b0a3c6126dee5be5f53485a35d81d454dac9ba5fe3322378ab3b9f061652feb0

Score

8^/10

spyware stealer

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

2d2f33da036cf7945401ec14ae9ff6ca.exe

description ioc process

File opened for modification C:\Windows\system32\drivers\etc\hosts 2d2f33da036cf7945401ec14ae9ff6ca.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2564 cmd.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	2d2f33da036cf7945401ec14ae9ff6ca.exe

pid	process
2564	cmd.exe

Drops file in Program Files directory 2 IoCs

Processes:

2d2f33da036cf7945401ec14ae9ff6ca.exe

description	ioc	process
File created	C:\Program Files\Mozilla Firefox\DotNetZip-2svmv52z.tmp	2d2f33da036cf7945401ec14ae9ff6ca.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\resources.pak	2d2f33da036cf7945401ec14ae9ff6ca.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

2868 taskkill.exe
2204 taskkill.exe

pid	process
2868	taskkill.exe
2204	taskkill.exe

Modifies registry class 2 IoCs

Processes:

firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	firefox.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

2d2f33da036cf7945401ec14ae9ff6ca.exechrome.exechrome.exe

pid process

1072 2d2f33da036cf7945401ec14ae9ff6ca.exe
1072 2d2f33da036cf7945401ec14ae9ff6ca.exe
2892 chrome.exe
2692 chrome.exe
2692 chrome.exe

pid	process
1072	2d2f33da036cf7945401ec14ae9ff6ca.exe
1072	2d2f33da036cf7945401ec14ae9ff6ca.exe
2892	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

2d2f33da036cf7945401ec14ae9ff6ca.exefirefox.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	1072	2d2f33da036cf7945401ec14ae9ff6ca.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	2204	taskkill.exe
Token: SeDebugPrivilege	2868	taskkill.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

firefox.exechrome.exe

pid process

1372 firefox.exe
1372 firefox.exe
1372 firefox.exe
1372 firefox.exe
2692 chrome.exe
2692 chrome.exe
2692 chrome.exe
2692 chrome.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1372 firefox.exe
1372 firefox.exe
1372 firefox.exe

pid	process
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

pid	process
1372	firefox.exe
1372	firefox.exe
1372	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2d2f33da036cf7945401ec14ae9ff6ca.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1072 wrote to memory of 1384	1072	2d2f33da036cf7945401ec14ae9ff6ca.exe	firefox.exe
PID 1072 wrote to memory of 1384	1072	2d2f33da036cf7945401ec14ae9ff6ca.exe	firefox.exe
PID 1072 wrote to memory of 1384	1072	2d2f33da036cf7945401ec14ae9ff6ca.exe	firefox.exe
PID 1072 wrote to memory of 1384	1072	2d2f33da036cf7945401ec14ae9ff6ca.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 1372	1384	firefox.exe	firefox.exe
PID 1372 wrote to memory of 112	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 112	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 112	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 1392	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 2060	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 2060	1372	firefox.exe	firefox.exe
PID 1372 wrote to memory of 2060	1372	firefox.exe	firefox.exe

C:\Users\Admin\AppData\Local\Temp\2d2f33da036cf7945401ec14ae9ff6ca.exe
"C:\Users\Admin\AppData\Local\Temp\2d2f33da036cf7945401ec14ae9ff6ca.exe"
1⤵
- Drops file in Drivers directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1372
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.0.106630737\1870456989" -parentBuildID 20200403170909 -prefsHandle 1168 -prefMapHandle 1160 -prefsLen 1 -prefMapSize 219622 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 1252 gpu
      4⤵
      PID:112
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.3.1755542433\1200676961" -childID 1 -isForBrowser -prefsHandle 1100 -prefMapHandle 1096 -prefsLen 156 -prefMapSize 219622 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 1648 tab
      4⤵
      PID:1392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.13.1840451812\40416012" -childID 2 -isForBrowser -prefsHandle 2776 -prefMapHandle 2772 -prefsLen 7013 -prefMapSize 219622 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 2788 tab
      4⤵
      PID:2060
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.20.1873517276\1919559531" -childID 3 -isForBrowser -prefsHandle 2044 -prefMapHandle 3620 -prefsLen 7718 -prefMapSize 219622 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 3660 tab
      4⤵
      PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef4624f50,0x7fef4624f60,0x7fef4624f70
    3⤵
    PID:2708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1060,16196872524419240093,6202565756564436840,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1048 /prefetch:2
    3⤵
    PID:2856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1060,16196872524419240093,6202565756564436840,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1456 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2892
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1060,16196872524419240093,6202565756564436840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 /prefetch:8
    3⤵
    PID:2940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,16196872524419240093,6202565756564436840,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
    3⤵
    PID:3052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,16196872524419240093,6202565756564436840,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
    3⤵
    PID:2188
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,16196872524419240093,6202565756564436840,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
    3⤵
    PID:2088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,16196872524419240093,6202565756564436840,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
    3⤵
    PID:2240
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,16196872524419240093,6202565756564436840,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
    3⤵
    PID:2516
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C taskkill /F /PID 1072 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\2d2f33da036cf7945401ec14ae9ff6ca.exe"
  2⤵
  - Deletes itself
  PID:2564
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /PID 1072
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2868
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C taskkill /F /PID 1072 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\2d2f33da036cf7945401ec14ae9ff6ca.exe"
  2⤵
  PID:2716
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /PID 1072
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\89.0.4389.114\resources.pak

MD5
3e998b0a5abb0efe40868764df9eb1d7

SHA1
4bda2600a91c9f7a9c1dd94713634e1a1321d03b

SHA256
b763e3899cf3d53877b5401b791d4e754bb99be5713bf5e2753319360d40214d

SHA512
86ac077d2ea8f9d0d507a8b4353a9348d9a1c3b2422906bc982df5d99ff820f968d7cdd7dd0009a35156c2e84e1ff869dcb0ad6d0d38294f3e30c698854ea863

Download Submit
C:\Program Files\Mozilla Firefox\omni.ja

MD5
86f6847d81cbe067e206f02345f10b4e

SHA1
d2b4d36a705c436011f139e7f145340c5a6d7f19

SHA256
626bcf589e00830f7f946d189cae3f262318c63c5f136387228f16e4dffccf50

SHA512
908cc549cff5e9e7b8ea327ab519a47d0bcde7551b6ac5dea82f89d3a62c39d644e015fcbe385e0e07c6c16a74671cfdfcee7cdb7ddd4007c3ce1334ea07f71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5
111a3a74df5d1f55081f5f7909a37d3c

SHA1
1e5cff714c01272f090e71b44ebaf2933c769e1d

SHA256
45ffb5e083fd277e0ab43d3fd3b6a69589c36064d023e56e3f250fa59482f4d1

SHA512
fc04b3b7488c27350c9c45a434c7c2ac7193f876085e7b3e2f7f712beb891b3d19f4c4273c930bab01a22159838466a26cf6a4ea7e2b3e8a547e1978235598d1

Download Submit
C:\Windows\system32\drivers\etc\hosts

MD5
7308e58bf4b9264368e35494e7627965

SHA1
d221abedd37acc45a9ebbd861106a66aee57e595

SHA256
ddb3763958a15ad9d6cedfd472daf9528e93ef5214b9dd4472de26a14705aae8

SHA512
1ed20fad96ae459e82592792038bffdfd4dc009eab84ab8af33ea2f9faed976aacd4937a8b0fec8095b05b02839c96277dccb6c3ca525ce226822d84670e279e

Download Submit
\??\pipe\crashpad_2692_VLHRZMEEYQYPXAKN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/112-71-0x0000000000000000-mapping.dmp

Download
memory/1072-62-0x00000000048E2000-0x00000000048E3000-memory.dmp

Filesize
4KB

Download
memory/1072-65-0x00000000048E4000-0x00000000048E6000-memory.dmp

Filesize
8KB

Download
memory/1072-59-0x00000000049F0000-0x0000000004ABF000-memory.dmp

Filesize
828KB

Download
memory/1072-64-0x0000000001EC0000-0x0000000001ECB000-memory.dmp

Filesize
44KB

Download
memory/1072-63-0x00000000048E3000-0x00000000048E4000-memory.dmp

Filesize
4KB

Download
memory/1072-61-0x00000000048E1000-0x00000000048E2000-memory.dmp

Filesize
4KB

Download
memory/1072-60-0x0000000004920000-0x00000000049ED000-memory.dmp

Filesize
820KB

Download
memory/1372-67-0x0000000000000000-mapping.dmp

Download
memory/1372-117-0x000007FECB6C0000-0x000007FECB6CA000-memory.dmp

Filesize
40KB

Download
memory/1372-116-0x000007FEF3FB0000-0x000007FEF40F3000-memory.dmp

Filesize
1.3MB

Download
memory/1384-66-0x0000000000000000-mapping.dmp

Download
memory/1392-76-0x0000000000000000-mapping.dmp

Download
memory/2060-80-0x0000000000000000-mapping.dmp

Download
memory/2088-100-0x0000000000000000-mapping.dmp

Download
memory/2188-104-0x0000000000000000-mapping.dmp

Download
memory/2204-115-0x0000000000000000-mapping.dmp

Download
memory/2240-106-0x0000000000000000-mapping.dmp

Download
memory/2384-83-0x0000000000000000-mapping.dmp

Download
memory/2564-112-0x0000000000000000-mapping.dmp

Download
memory/2692-85-0x0000000000000000-mapping.dmp

Download
memory/2692-109-0x0000000007480000-0x0000000007481000-memory.dmp

Filesize
4KB

Download
memory/2708-86-0x0000000000000000-mapping.dmp

Download
memory/2716-113-0x0000000000000000-mapping.dmp

Download
memory/2856-91-0x00000000771B0000-0x00000000771B1000-memory.dmp

Filesize
4KB

Download
memory/2856-90-0x0000000000000000-mapping.dmp

Download
memory/2868-114-0x0000000000000000-mapping.dmp

Download
memory/2892-92-0x0000000000000000-mapping.dmp

Download
memory/2940-94-0x0000000000000000-mapping.dmp

Download
memory/3052-98-0x0000000000000000-mapping.dmp

Download