Overview

overview

10

Static

static

99d5b8b376...bd.exe

windows7_x64

10

99d5b8b376...bd.exe

windows10_x64

10

Analysis

  • max time kernel
    156s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 06:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    99d5b8b376944920ff01a8737f9cbdbd.exe

  • Size

    213KB

  • MD5

    99d5b8b376944920ff01a8737f9cbdbd

  • SHA1

    f0c35ecdf80f44727284c6cc4281bb1a8bd4dede

  • SHA256

    2189c55c45bdae4c6c966d1fe88312cd12b841b86ffaee29a0512a590f11718b

  • SHA512

    1a2b19b93ad2417db4f80b94abc2b738e2f0dc0558b355c51817161d5f7666d35be2dafb505ac297b3f94f5593d16fb9b862ea36c03580c4168add426e341882

Score
10/10
buransmokeloaderbackdoorpersistenceransomwaretrojan

Malware Config

Extracted

Path

C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Family

buran

Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED !!! All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. PAY FAST 590$=0.013 btc or the price will increase tomorrow bitcoin address bc1qqxnp9z0ff8x852dyflp5r9r6rzse8jl5hzmqz8 To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? [email protected] TELEGRAM @ payfast290 Your personal ID: 1B7-ACF-74F Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Extracted

Family

smokeloader

Version

2020

C2

http://readinglistforaugust1.xyz/

http://readinglistforaugust2.xyz/

http://readinglistforaugust3.xyz/

http://readinglistforaugust4.xyz/

http://readinglistforaugust5.xyz/

http://readinglistforaugust6.xyz/

http://readinglistforaugust7.xyz/

http://readinglistforaugust8.xyz/

http://readinglistforaugust9.xyz/

http://readinglistforaugust10.xyz/

http://readinglistforaugust1.site/

http://readinglistforaugust2.site/

http://readinglistforaugust3.site/

http://readinglistforaugust4.site/

http://readinglistforaugust5.site/

http://readinglistforaugust6.site/

http://readinglistforaugust7.site/

http://readinglistforaugust8.site/

http://readinglistforaugust9.site/

http://readinglistforaugust10.site/
rc4.i32
rc4.i32

Signatures

  • Buran

    Ransomware-as-a-service based on the VegaLocker family first identified in 2019.

    ransomwareburan
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Executes dropped EXE 5 IoCs
  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 57 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99d5b8b376944920ff01a8737f9cbdbd.exe
    "C:\Users\Admin\AppData\Local\Temp\99d5b8b376944920ff01a8737f9cbdbd.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:664
    • C:\Users\Admin\AppData\Local\Temp\99d5b8b376944920ff01a8737f9cbdbd.exe
      "C:\Users\Admin\AppData\Local\Temp\99d5b8b376944920ff01a8737f9cbdbd.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:2728
  • C:\Users\Admin\AppData\Local\Temp\30C5.exe
    C:\Users\Admin\AppData\Local\Temp\30C5.exe
    1⤵
    • Executes dropped EXE
    • Adds Run key to start application
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:3800
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe" -start
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious use of WriteProcessMemory
      PID:3232
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
        3⤵
          PID:4016
          • C:\Windows\SysWOW64\Wbem\WMIC.exe
            wmic shadowcopy delete
            4⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:3344
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
          3⤵
            PID:3044
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
            3⤵
              PID:3036
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
              3⤵
                PID:204
              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
                "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe" -agent 0
                3⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                PID:1044
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:2372
                • C:\Windows\SysWOW64\vssadmin.exe
                  vssadmin delete shadows /all /quiet
                  4⤵
                  • Interacts with shadow copies
                  PID:1304
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:2708
            • C:\Windows\explorer.exe
              C:\Windows\explorer.exe
              1⤵
                PID:2088
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:1352
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:4020
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:2184
                    • C:\Windows\explorer.exe
                      C:\Windows\explorer.exe
                      1⤵
                        PID:1460
                      • C:\Windows\SysWOW64\explorer.exe
                        C:\Windows\SysWOW64\explorer.exe
                        1⤵
                          PID:3600
                        • C:\Windows\explorer.exe
                          C:\Windows\explorer.exe
                          1⤵
                            PID:1320
                          • C:\Windows\SysWOW64\explorer.exe
                            C:\Windows\SysWOW64\explorer.exe
                            1⤵
                              PID:2644
                            • C:\Windows\system32\vssvc.exe
                              C:\Windows\system32\vssvc.exe
                              1⤵
                              • Suspicious use of AdjustPrivilegeToken
                              PID:892
                            • C:\Users\Admin\AppData\Roaming\ussgwrt
                              C:\Users\Admin\AppData\Roaming\ussgwrt
                              1⤵
                              • Executes dropped EXE
                              • Suspicious use of SetThreadContext
                              PID:3356
                              • C:\Users\Admin\AppData\Roaming\ussgwrt
                                C:\Users\Admin\AppData\Roaming\ussgwrt
                                2⤵
                                • Executes dropped EXE
                                • Checks SCSI registry key(s)
                                • Suspicious behavior: MapViewOfSection
                                PID:3588

                            Network

                            MITRE ATT&CK Enterprise v6

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB
                              MD5

                              5703edef7cb0f99305a6b18845e0443e

                              SHA1

                              fb6f022ebde210306e1a6575462d6451e98af454

                              SHA256

                              e4ce02059eb175c30879041d610db7b8798cdf57a4c67afc83c125c2db36e883

                              SHA512

                              4631853bda1498ff3cace6a348fd2d6770edd0fec166707c3afebff09644f34e29a7a6dd3e9cb167c40e8b5fa1fbbc80ba26d80b4d939daf56278c276b07ada4

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\204C1AA6F6114E6A513754A2AB5760FA_0673414C08DE7F919AE3F6C4CC65AEEE
                              MD5

                              888f7457c332ac5e1897316e159f58c1

                              SHA1

                              a3047c6e978158dfae29b5735e8131ec1b30703d

                              SHA256

                              c2c14652875bfeb1ed529202da6d45eb974acab193c005908cf90b8c5cf3dd41

                              SHA512

                              0abdc5f78ade2f56b0f1954adc0479b5dcc88d401bfac95754e7dd80adefe7375a426fd89f81b657ebe9c113092524dcbd1e80c39a4bec51ccd93bc0bc3a5aff

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
                              MD5

                              939460925953ce88e1086341b8a11bda

                              SHA1

                              06249b891050a9fac128ccfee943aeb5bede1c7b

                              SHA256

                              d4da3c5ff04a3b677eb77b1bfedc14e29ebd0d01c476d44a0b1a2366447ab016

                              SHA512

                              a8dc3eb58a4a550cc2551463a3d813396caf3f2b65f5b13c8e339a4a32652895ee15c23eb5ba833eca4e7c22331a622657cf5bd64098f0c54e43b4e92fe65f30

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB
                              MD5

                              eb3e8750108e80294112b4eb4b73aedb

                              SHA1

                              f07db5f9982448978f2cb566ec6397a0001ff9d1

                              SHA256

                              7c70af09b08845aeb4f5e6b8c318b0c210f9da7c2e125a80ae9dab7440b6a4b4

                              SHA512

                              675f0017cc5aaa051a29d5fa525057fd23cef5de771273e0837242bf4298dc47b775606bad0719f85cedc48169a4e096fc27801c30d3fa306ef358b80b77fd04

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\204C1AA6F6114E6A513754A2AB5760FA_0673414C08DE7F919AE3F6C4CC65AEEE
                              MD5

                              0e63f11642a1caed54dc86391e336bb5

                              SHA1

                              acf6fee16b9cb0c63dd4b7ab462932121514242e

                              SHA256

                              54076a8a2c54fa8ad6d2a36747c09f8bd3330d80a6026c7200e5a0e9293d5887

                              SHA512

                              911cbf11e481a889eb322f2e73165071e61581049526d1f4d8231bfe88a51736d01a5bc85998a3dd8ce268d126cda29d9d034f82bddf69c70b936213eb5d198a

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
                              MD5

                              574668d5a3f77b7f384178d9e61f9f93

                              SHA1

                              a22c31e750d12c3350fbbb99ed338b64c7950379

                              SHA256

                              223cf1a3ac6370cad23eab113172bd0e32ece89d6919edf6c65a4ff440d440a8

                              SHA512

                              e76c530137929b3b647f56fe4f58c90f6c4b821c63a0d1c0076ad7271944653365f3325c0fb759c3d1963983c44293f5d9e4dee0f9ae2899425b58d4dd430f22

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DRMDU4BX\19LMS1L7.htm
                              MD5

                              b1cd7c031debba3a5c77b39b6791c1a7

                              SHA1

                              e5d91e14e9c685b06f00e550d9e189deb2075f76

                              SHA256

                              57ba053f075e0b80f747f3102ed985687c16a8754d109e7c4d33633269a36aaa

                              SHA512

                              d2bbefdc1effb52a38964c4cec5990a5a226248eca36f99e446c0c5704436f666bf1cb514e73b8991411d497d3325ecc646cbd5065c364e92ab6b9c5f1ad4a72

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZIIA2USJ\HV0VJ420.htm
                              MD5

                              8615e70875c2cc0b9db16027b9adf11d

                              SHA1

                              4ed62cf405311c0ff562a3c59334a15ddc4f1bf9

                              SHA256

                              da96949ba6b0567343f144486505c8c8fa1d892fd88c9cbc3ef3d751a570724d

                              SHA512

                              cd9dfc88dc2af9438b7d6b618d1b62029b3bdf739fc4daa5b37397afd12c4528561b3bf2fc3f3f2adf3fd1f582d5524332441fd30248fcd078e41aa91e17cb73

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\30C5.exe
                              MD5

                              e70ceaf1fc7771d3d791aedc0c2068a7

                              SHA1

                              97912679527c910bdf4c97265656f4c2527245db

                              SHA256

                              0e7b9aae7306cdb8cca2a7fa6552fd6cd03f3e2ab2e2d4ae51dfe325ff2016e5

                              SHA512

                              6a4c8a424e87f4a622aa20e4fd37060919cf686c32c0432eea026c12af372ffc6714c6baff46d0590a78fddf62ea7ca3eac3240846e1781d090d3867cfc2cd58

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\30C5.exe
                              MD5

                              e70ceaf1fc7771d3d791aedc0c2068a7

                              SHA1

                              97912679527c910bdf4c97265656f4c2527245db

                              SHA256

                              0e7b9aae7306cdb8cca2a7fa6552fd6cd03f3e2ab2e2d4ae51dfe325ff2016e5

                              SHA512

                              6a4c8a424e87f4a622aa20e4fd37060919cf686c32c0432eea026c12af372ffc6714c6baff46d0590a78fddf62ea7ca3eac3240846e1781d090d3867cfc2cd58

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
                              MD5

                              e70ceaf1fc7771d3d791aedc0c2068a7

                              SHA1

                              97912679527c910bdf4c97265656f4c2527245db

                              SHA256

                              0e7b9aae7306cdb8cca2a7fa6552fd6cd03f3e2ab2e2d4ae51dfe325ff2016e5

                              SHA512

                              6a4c8a424e87f4a622aa20e4fd37060919cf686c32c0432eea026c12af372ffc6714c6baff46d0590a78fddf62ea7ca3eac3240846e1781d090d3867cfc2cd58

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
                              MD5

                              e70ceaf1fc7771d3d791aedc0c2068a7

                              SHA1

                              97912679527c910bdf4c97265656f4c2527245db

                              SHA256

                              0e7b9aae7306cdb8cca2a7fa6552fd6cd03f3e2ab2e2d4ae51dfe325ff2016e5

                              SHA512

                              6a4c8a424e87f4a622aa20e4fd37060919cf686c32c0432eea026c12af372ffc6714c6baff46d0590a78fddf62ea7ca3eac3240846e1781d090d3867cfc2cd58

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
                              MD5

                              e70ceaf1fc7771d3d791aedc0c2068a7

                              SHA1

                              97912679527c910bdf4c97265656f4c2527245db

                              SHA256

                              0e7b9aae7306cdb8cca2a7fa6552fd6cd03f3e2ab2e2d4ae51dfe325ff2016e5

                              SHA512

                              6a4c8a424e87f4a622aa20e4fd37060919cf686c32c0432eea026c12af372ffc6714c6baff46d0590a78fddf62ea7ca3eac3240846e1781d090d3867cfc2cd58

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\ussgwrt
                              MD5

                              99d5b8b376944920ff01a8737f9cbdbd

                              SHA1

                              f0c35ecdf80f44727284c6cc4281bb1a8bd4dede

                              SHA256

                              2189c55c45bdae4c6c966d1fe88312cd12b841b86ffaee29a0512a590f11718b

                              SHA512

                              1a2b19b93ad2417db4f80b94abc2b738e2f0dc0558b355c51817161d5f7666d35be2dafb505ac297b3f94f5593d16fb9b862ea36c03580c4168add426e341882

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\ussgwrt
                              MD5

                              99d5b8b376944920ff01a8737f9cbdbd

                              SHA1

                              f0c35ecdf80f44727284c6cc4281bb1a8bd4dede

                              SHA256

                              2189c55c45bdae4c6c966d1fe88312cd12b841b86ffaee29a0512a590f11718b

                              SHA512

                              1a2b19b93ad2417db4f80b94abc2b738e2f0dc0558b355c51817161d5f7666d35be2dafb505ac297b3f94f5593d16fb9b862ea36c03580c4168add426e341882

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\ussgwrt
                              MD5

                              99d5b8b376944920ff01a8737f9cbdbd

                              SHA1

                              f0c35ecdf80f44727284c6cc4281bb1a8bd4dede

                              SHA256

                              2189c55c45bdae4c6c966d1fe88312cd12b841b86ffaee29a0512a590f11718b

                              SHA512

                              1a2b19b93ad2417db4f80b94abc2b738e2f0dc0558b355c51817161d5f7666d35be2dafb505ac297b3f94f5593d16fb9b862ea36c03580c4168add426e341882

                              Download Submit

                            • memory/204-162-0x0000000000000000-mapping.dmp

                              Download

                            • memory/664-116-0x00000000001E0000-0x00000000001EA000-memory.dmp

                              Filesize

                              40KB

                              Download

                            • memory/1044-164-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1304-166-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1320-154-0x0000000000F90000-0x0000000000F95000-memory.dmp

                              Filesize

                              20KB

                              Download

                            • memory/1320-145-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1320-155-0x0000000000F80000-0x0000000000F89000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/1352-129-0x0000000000490000-0x000000000049B000-memory.dmp

                              Filesize

                              44KB

                              Download

                            • memory/1352-125-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1352-128-0x00000000004A0000-0x00000000004A7000-memory.dmp

                              Filesize

                              28KB

                              Download

                            • memory/1460-137-0x00000000005C0000-0x00000000005C6000-memory.dmp

                              Filesize

                              24KB

                              Download

                            • memory/1460-138-0x00000000005B0000-0x00000000005BC000-memory.dmp

                              Filesize

                              48KB

                              Download

                            • memory/1460-136-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2088-124-0x0000000000DF0000-0x0000000000DFC000-memory.dmp

                              Filesize

                              48KB

                              Download

                            • memory/2088-123-0x0000000001080000-0x0000000001087000-memory.dmp

                              Filesize

                              28KB

                              Download

                            • memory/2088-122-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2184-133-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2184-135-0x0000000000E90000-0x0000000000E99000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/2184-134-0x0000000000EA0000-0x0000000000EA5000-memory.dmp

                              Filesize

                              20KB

                              Download

                            • memory/2372-163-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2644-156-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2644-157-0x00000000001D0000-0x00000000001D5000-memory.dmp

                              Filesize

                              20KB

                              Download

                            • memory/2644-158-0x00000000001C0000-0x00000000001C9000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/2708-121-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2708-127-0x0000000000EB0000-0x0000000000F1B000-memory.dmp

                              Filesize

                              428KB

                              Download

                            • memory/2708-126-0x0000000000F20000-0x0000000000F94000-memory.dmp

                              Filesize

                              464KB

                              Download

                            • memory/2728-114-0x0000000000400000-0x0000000000409000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/2728-115-0x0000000000402FAB-mapping.dmp

                              Download

                            • memory/3024-117-0x0000000000610000-0x0000000000626000-memory.dmp

                              Filesize

                              88KB

                              Download

                            • memory/3024-173-0x00000000023A0000-0x00000000023B6000-memory.dmp

                              Filesize

                              88KB

                              Download

                            • memory/3036-161-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3044-160-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3232-142-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3344-167-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3588-171-0x0000000000402FAB-mapping.dmp

                              Download

                            • memory/3600-139-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3600-141-0x0000000000910000-0x0000000000919000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/3600-140-0x0000000000920000-0x0000000000924000-memory.dmp

                              Filesize

                              16KB

                              Download

                            • memory/3800-118-0x0000000000000000-mapping.dmp

                              Download

                            • memory/4016-159-0x0000000000000000-mapping.dmp

                              Download

                            • memory/4020-132-0x0000000000F70000-0x0000000000F7F000-memory.dmp

                              Filesize

                              60KB

                              Download

                            • memory/4020-130-0x0000000000000000-mapping.dmp

                              Download

                            • memory/4020-131-0x0000000000F80000-0x0000000000F89000-memory.dmp

                              Filesize

                              36KB

                              Download