Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
27-06-2021 12:05
Static task
static1
Behavioral task
behavioral1
Sample
tracking_number.pdf.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
tracking_number.pdf.exe
Resource
win10v20210410
General
-
Target
tracking_number.pdf.exe
-
Size
214KB
-
MD5
b4fc1596157eb7b7900dd1da72c301c4
-
SHA1
e0c4095c71475036bd79f8bb926fcb575d446d36
-
SHA256
0452a7ada10bdeda0eb905da0549955f9ce8486ff7cf76a51d73f90a90e89aad
-
SHA512
6a7f72c23344c128dc1d7c25942affedd7c36960da229caebee274c395013d07db9bcb77a24f8cf00e765cbbd1d346cb925dc67a63ac9da2c3621c49c1c1cf48
Malware Config
Signatures
-
GandCrab Payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/772-116-0x0000000000690000-0x00000000006A7000-memory.dmp family_gandcrab -
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
tracking_number.pdf.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce tracking_number.pdf.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bsjkgkyqlkn = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\rvzeaf.exe\"" tracking_number.pdf.exe -
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
tracking_number.pdf.exedescription ioc process File opened (read-only) \??\B: tracking_number.pdf.exe File opened (read-only) \??\F: tracking_number.pdf.exe File opened (read-only) \??\T: tracking_number.pdf.exe File opened (read-only) \??\W: tracking_number.pdf.exe File opened (read-only) \??\Y: tracking_number.pdf.exe File opened (read-only) \??\I: tracking_number.pdf.exe File opened (read-only) \??\K: tracking_number.pdf.exe File opened (read-only) \??\O: tracking_number.pdf.exe File opened (read-only) \??\P: tracking_number.pdf.exe File opened (read-only) \??\Z: tracking_number.pdf.exe File opened (read-only) \??\X: tracking_number.pdf.exe File opened (read-only) \??\A: tracking_number.pdf.exe File opened (read-only) \??\J: tracking_number.pdf.exe File opened (read-only) \??\L: tracking_number.pdf.exe File opened (read-only) \??\N: tracking_number.pdf.exe File opened (read-only) \??\Q: tracking_number.pdf.exe File opened (read-only) \??\R: tracking_number.pdf.exe File opened (read-only) \??\V: tracking_number.pdf.exe File opened (read-only) \??\E: tracking_number.pdf.exe File opened (read-only) \??\G: tracking_number.pdf.exe File opened (read-only) \??\H: tracking_number.pdf.exe File opened (read-only) \??\M: tracking_number.pdf.exe File opened (read-only) \??\S: tracking_number.pdf.exe File opened (read-only) \??\U: tracking_number.pdf.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
tracking_number.pdf.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier tracking_number.pdf.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 tracking_number.pdf.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString tracking_number.pdf.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
tracking_number.pdf.exepid process 772 tracking_number.pdf.exe 772 tracking_number.pdf.exe 772 tracking_number.pdf.exe 772 tracking_number.pdf.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
tracking_number.pdf.exedescription pid process target process PID 772 wrote to memory of 2880 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2880 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2880 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1336 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1336 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1336 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3412 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3412 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3412 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3076 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3076 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3076 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1192 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1192 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1192 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1124 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1124 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1124 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2440 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2440 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2440 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2876 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2876 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2876 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 4008 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 4008 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 4008 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1672 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1672 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1672 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3636 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3636 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3636 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1724 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1724 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 1724 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2068 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2068 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2068 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2320 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2320 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2320 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2744 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2744 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2744 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 4016 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 4016 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 4016 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3944 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3944 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3944 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 784 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 784 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 784 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 8 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 8 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 8 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3504 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3504 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 3504 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2612 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2612 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2612 772 tracking_number.pdf.exe nslookup.exe PID 772 wrote to memory of 2084 772 tracking_number.pdf.exe nslookup.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\tracking_number.pdf.exe"C:\Users\Admin\AppData\Local\Temp\tracking_number.pdf.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/8-135-0x0000000000000000-mapping.dmp
-
memory/416-177-0x0000000000000000-mapping.dmp
-
memory/772-115-0x0000000000400000-0x000000000043C000-memory.dmpFilesize
240KB
-
memory/772-116-0x0000000000690000-0x00000000006A7000-memory.dmpFilesize
92KB
-
memory/772-114-0x0000000000670000-0x000000000068B000-memory.dmpFilesize
108KB
-
memory/784-134-0x0000000000000000-mapping.dmp
-
memory/1008-151-0x0000000000000000-mapping.dmp
-
memory/1040-165-0x0000000000000000-mapping.dmp
-
memory/1124-122-0x0000000000000000-mapping.dmp
-
memory/1144-143-0x0000000000000000-mapping.dmp
-
memory/1192-121-0x0000000000000000-mapping.dmp
-
memory/1196-148-0x0000000000000000-mapping.dmp
-
memory/1256-175-0x0000000000000000-mapping.dmp
-
memory/1336-118-0x0000000000000000-mapping.dmp
-
memory/1340-173-0x0000000000000000-mapping.dmp
-
memory/1348-147-0x0000000000000000-mapping.dmp
-
memory/1576-162-0x0000000000000000-mapping.dmp
-
memory/1672-126-0x0000000000000000-mapping.dmp
-
memory/1724-128-0x0000000000000000-mapping.dmp
-
memory/1960-153-0x0000000000000000-mapping.dmp
-
memory/2068-129-0x0000000000000000-mapping.dmp
-
memory/2080-178-0x0000000000000000-mapping.dmp
-
memory/2084-138-0x0000000000000000-mapping.dmp
-
memory/2104-169-0x0000000000000000-mapping.dmp
-
memory/2148-166-0x0000000000000000-mapping.dmp
-
memory/2152-152-0x0000000000000000-mapping.dmp
-
memory/2216-145-0x0000000000000000-mapping.dmp
-
memory/2252-158-0x0000000000000000-mapping.dmp
-
memory/2256-167-0x0000000000000000-mapping.dmp
-
memory/2320-130-0x0000000000000000-mapping.dmp
-
memory/2324-159-0x0000000000000000-mapping.dmp
-
memory/2424-160-0x0000000000000000-mapping.dmp
-
memory/2440-123-0x0000000000000000-mapping.dmp
-
memory/2612-137-0x0000000000000000-mapping.dmp
-
memory/2648-179-0x0000000000000000-mapping.dmp
-
memory/2744-131-0x0000000000000000-mapping.dmp
-
memory/2756-180-0x0000000000000000-mapping.dmp
-
memory/2768-139-0x0000000000000000-mapping.dmp
-
memory/2876-124-0x0000000000000000-mapping.dmp
-
memory/2880-117-0x0000000000000000-mapping.dmp
-
memory/2972-174-0x0000000000000000-mapping.dmp
-
memory/3028-157-0x0000000000000000-mapping.dmp
-
memory/3076-120-0x0000000000000000-mapping.dmp
-
memory/3236-149-0x0000000000000000-mapping.dmp
-
memory/3240-142-0x0000000000000000-mapping.dmp
-
memory/3256-156-0x0000000000000000-mapping.dmp
-
memory/3300-171-0x0000000000000000-mapping.dmp
-
memory/3392-170-0x0000000000000000-mapping.dmp
-
memory/3400-168-0x0000000000000000-mapping.dmp
-
memory/3412-119-0x0000000000000000-mapping.dmp
-
memory/3420-146-0x0000000000000000-mapping.dmp
-
memory/3476-155-0x0000000000000000-mapping.dmp
-
memory/3504-136-0x0000000000000000-mapping.dmp
-
memory/3540-164-0x0000000000000000-mapping.dmp
-
memory/3620-150-0x0000000000000000-mapping.dmp
-
memory/3636-127-0x0000000000000000-mapping.dmp
-
memory/3844-154-0x0000000000000000-mapping.dmp
-
memory/3852-172-0x0000000000000000-mapping.dmp
-
memory/3908-140-0x0000000000000000-mapping.dmp
-
memory/3916-163-0x0000000000000000-mapping.dmp
-
memory/3944-133-0x0000000000000000-mapping.dmp
-
memory/3968-176-0x0000000000000000-mapping.dmp
-
memory/3992-161-0x0000000000000000-mapping.dmp
-
memory/3996-141-0x0000000000000000-mapping.dmp
-
memory/4008-125-0x0000000000000000-mapping.dmp
-
memory/4016-132-0x0000000000000000-mapping.dmp
-
memory/4060-144-0x0000000000000000-mapping.dmp