njrat | dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-en
submitted
16-09-2021 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
Size

91KB
MD5

6b5bc3eba86c9efbdf993773af3f593e
SHA1

0fd0f10d34c28a928e69343caeeed7803646be8f
SHA256

dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07
SHA512

cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Score

10^/10

njrat hacked persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7 MultiHost

Botnet

HacKed

anunankis1.duckdns.org,anunankis3.duckdns.org,karmina112.sytes.net,karmina114.sytes.net,burdun.dynu.net,burdun114.dynu.net:1177

Mutex

8746d62c81bb0c573a0a1086f9955c7b

Attributes

reg_key
8746d62c81bb0c573a0a1086f9955c7b
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata
Executes dropped EXE 6 IoCs

Processes:

svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exe

pid process

1352 svchost.exe
1488 svchost.exe
1088 svchost.exe
1944 svchost.exe
1956 svchost.exe
1744 svchost.exe

pid	process
1352	svchost.exe
1488	svchost.exe
1088	svchost.exe
1944	svchost.exe
1956	svchost.exe
1744	svchost.exe

Drops startup file 3 IoCs

Processes:

svchost.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8746d62c81bb0c573a0a1086f9955c7b.exe	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8746d62c81bb0c573a0a1086f9955c7b.exe	svchost.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCleaner.lnk	svchost.exe

Loads dropped DLL 5 IoCs

Processes:

DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exesvchost.exesvchost.exesvchost.exesvchost.exe

pid process

1076 DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
1352 svchost.exe
1488 svchost.exe
1088 svchost.exe
1956 svchost.exe

pid	process
1076	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
1352	svchost.exe
1488	svchost.exe
1088	svchost.exe
1956	svchost.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

svchost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Run\8746d62c81bb0c573a0a1086f9955c7b = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe\" .."	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\8746d62c81bb0c573a0a1086f9955c7b = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe\" .."	svchost.exe

Suspicious use of SetThreadContext 4 IoCs

Processes:

DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exesvchost.exesvchost.exesvchost.exe

description	pid	process	target process
PID 1032 set thread context of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1352 set thread context of 1488	1352	svchost.exe	svchost.exe
PID 1088 set thread context of 1944	1088	svchost.exe	svchost.exe
PID 1956 set thread context of 1744	1956	svchost.exe	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

1888 schtasks.exe

pid	process
1888	schtasks.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes:

svchost.exe

description	pid	process
Token: SeDebugPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe
Token: 33	1488	svchost.exe
Token: SeIncBasePriorityPrivilege	1488	svchost.exe

Suspicious use of WriteProcessMemory 52 IoCs

Processes:

DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exeDBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exesvchost.exesvchost.exetaskeng.exesvchost.exesvchost.exe

description	pid	process	target process
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1032 wrote to memory of 1076	1032	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
PID 1076 wrote to memory of 1352	1076	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	svchost.exe
PID 1076 wrote to memory of 1352	1076	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	svchost.exe
PID 1076 wrote to memory of 1352	1076	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	svchost.exe
PID 1076 wrote to memory of 1352	1076	DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1352 wrote to memory of 1488	1352	svchost.exe	svchost.exe
PID 1488 wrote to memory of 1888	1488	svchost.exe	schtasks.exe
PID 1488 wrote to memory of 1888	1488	svchost.exe	schtasks.exe
PID 1488 wrote to memory of 1888	1488	svchost.exe	schtasks.exe
PID 1488 wrote to memory of 1888	1488	svchost.exe	schtasks.exe
PID 1684 wrote to memory of 1088	1684	taskeng.exe	svchost.exe
PID 1684 wrote to memory of 1088	1684	taskeng.exe	svchost.exe
PID 1684 wrote to memory of 1088	1684	taskeng.exe	svchost.exe
PID 1684 wrote to memory of 1088	1684	taskeng.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1088 wrote to memory of 1944	1088	svchost.exe	svchost.exe
PID 1684 wrote to memory of 1956	1684	taskeng.exe	svchost.exe
PID 1684 wrote to memory of 1956	1684	taskeng.exe	svchost.exe
PID 1684 wrote to memory of 1956	1684	taskeng.exe	svchost.exe
PID 1684 wrote to memory of 1956	1684	taskeng.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe
PID 1956 wrote to memory of 1744	1956	svchost.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
"C:\Users\Admin\AppData\Local\Temp\DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1032

C:\Users\Admin\AppData\Local\Temp\DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
"C:\Users\Admin\AppData\Local\Temp\DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1076

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1352

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
4⤵
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1488

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn Skype /tr "C:\Users\Admin\AppData\Local\Temp\svchost.exe
5⤵
- Creates scheduled task(s)
PID:1888

C:\Windows\system32\taskeng.exe
taskeng.exe {0F427F52-EC38-450C-9150-6CC453135888} S-1-5-21-1669990088-476967504-438132596-1000:KJUCCLUP\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Users\Admin\AppData\Local\Temp\svchost.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1088

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
PID:1944

C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Users\Admin\AppData\Local\Temp\svchost.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1956

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
3⤵
- Executes dropped EXE
PID:1744

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe
MD5
6b5bc3eba86c9efbdf993773af3f593e

SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f

SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07

SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1

Download Submit
memory/1032-54-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/1032-53-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download
memory/1076-58-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/1076-56-0x0000000000407AEE-mapping.dmp

Download
memory/1076-55-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1088-73-0x0000000000000000-mapping.dmp

Download
memory/1088-85-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

Filesize
4KB

Download
memory/1352-69-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1352-60-0x0000000000000000-mapping.dmp

Download
memory/1488-70-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/1488-66-0x0000000000407AEE-mapping.dmp

Download
memory/1744-100-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/1744-92-0x0000000000407AEE-mapping.dmp

Download
memory/1888-71-0x0000000000000000-mapping.dmp

Download
memory/1944-80-0x0000000000080000-0x000000000008C000-memory.dmp

Filesize
48KB

Download
memory/1944-86-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1944-83-0x0000000000080000-0x000000000008C000-memory.dmp

Filesize
48KB

Download
memory/1944-78-0x0000000000407AEE-mapping.dmp

Download
memory/1956-87-0x0000000000000000-mapping.dmp

Download
memory/1956-99-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download