bazarloader | 96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad

Analysis

max time kernel
151s
max time network
153s
platform
windows10_x64
resource
win10-en-20211104
submitted
08-12-2021 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
Size

213KB
MD5

5dcb1b120e3fd1acdd5f222493bd19b8
SHA1

c1a2a5a269976b0e1ef333d71b6bac272d8f8077
SHA256

96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad
SHA512

0e34bd780fdcb8299b4111ed0c8f99a6f8a2d82e39f24f2282bb1f647b872c190a9d324f504446384d35ed0ce171235a4407923206644ec887cb7369fedfc786

Score

10^/10

bazarloader raccoon redline smokeloader f797145799b7b1b77b35d81de942eee0908da519 fd4f23250443a724a3d1548e6ab07c481dfc2814 backdoor discovery dropper infostealer loader spyware stealer trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

f797145799b7b1b77b35d81de942eee0908da519

Attributes

url4cnc
http://91.219.236.27/capibar
http://94.158.245.167/capibar
http://185.163.204.216/capibar
http://185.225.19.238/capibar
http://185.163.204.218/capibar
https://t.me/capibar

rc4.plain

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

fd4f23250443a724a3d1548e6ab07c481dfc2814

Attributes

url4cnc
http://91.219.236.27/duglassa1
http://94.158.245.167/duglassa1
http://185.163.204.216/duglassa1
http://185.225.19.238/duglassa1
http://185.163.204.218/duglassa1
https://t.me/duglassa1

rc4.plain

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader
Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1124-139-0x0000000001270000-0x00000000012D9000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1176-159-0x0000000180000000-0x0000000180040000-memory.dmp	BazarLoaderVar5

Downloads MZ/PE file
Executes dropped EXE 6 IoCs

Processes:

EAAF.exeEAAF.exe6416.exe6B1C.exe80B9.exe9A2E.exe

pid process

1324 EAAF.exe
1396 EAAF.exe
1412 6416.exe
1124 6B1C.exe
1052 80B9.exe
4060 9A2E.exe
Deletes itself 1 IoCs

Processes:

pid process

3040
Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

1176 regsvr32.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

6B1C.exe

pid process

1124 6B1C.exe

pid	process
1324	EAAF.exe
1396	EAAF.exe
1412	6416.exe
1124	6B1C.exe
1052	80B9.exe
4060	9A2E.exe

pid	process
3040

pid	process
1176	regsvr32.exe

pid	process
1124	6B1C.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exeEAAF.exe

description	pid	process	target process
PID 2604 set thread context of 3856	2604	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
PID 1324 set thread context of 1396	1324	EAAF.exe	EAAF.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exeEAAF.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	EAAF.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	EAAF.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	EAAF.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe

pid	process
3856	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
3856	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040
3040

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

3040
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exeEAAF.exe

pid process

3856 96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
1396 EAAF.exe

pid	process
3040

Suspicious use of AdjustPrivilegeToken 21 IoCs

Processes:

6B1C.exe

description	pid	process
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeDebugPrivilege	1124	6B1C.exe
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040
Token: SeShutdownPrivilege	3040
Token: SeCreatePagefilePrivilege	3040

Suspicious use of WriteProcessMemory 29 IoCs

Processes:

96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exeEAAF.exe

description	pid	process	target process
PID 2604 wrote to memory of 3856	2604	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
PID 2604 wrote to memory of 3856	2604	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
PID 2604 wrote to memory of 3856	2604	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
PID 2604 wrote to memory of 3856	2604	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
PID 2604 wrote to memory of 3856	2604	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
PID 2604 wrote to memory of 3856	2604	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe	96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
PID 3040 wrote to memory of 1324	3040		EAAF.exe
PID 3040 wrote to memory of 1324	3040		EAAF.exe
PID 3040 wrote to memory of 1324	3040		EAAF.exe
PID 1324 wrote to memory of 1396	1324	EAAF.exe	EAAF.exe
PID 1324 wrote to memory of 1396	1324	EAAF.exe	EAAF.exe
PID 1324 wrote to memory of 1396	1324	EAAF.exe	EAAF.exe
PID 1324 wrote to memory of 1396	1324	EAAF.exe	EAAF.exe
PID 1324 wrote to memory of 1396	1324	EAAF.exe	EAAF.exe
PID 1324 wrote to memory of 1396	1324	EAAF.exe	EAAF.exe
PID 3040 wrote to memory of 1412	3040		6416.exe
PID 3040 wrote to memory of 1412	3040		6416.exe
PID 3040 wrote to memory of 1412	3040		6416.exe
PID 3040 wrote to memory of 1124	3040		6B1C.exe
PID 3040 wrote to memory of 1124	3040		6B1C.exe
PID 3040 wrote to memory of 1124	3040		6B1C.exe
PID 3040 wrote to memory of 1176	3040		regsvr32.exe
PID 3040 wrote to memory of 1176	3040		regsvr32.exe
PID 3040 wrote to memory of 1052	3040		80B9.exe
PID 3040 wrote to memory of 1052	3040		80B9.exe
PID 3040 wrote to memory of 1052	3040		80B9.exe
PID 3040 wrote to memory of 4060	3040		9A2E.exe
PID 3040 wrote to memory of 4060	3040		9A2E.exe
PID 3040 wrote to memory of 4060	3040		9A2E.exe

C:\Users\Admin\AppData\Local\Temp\96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
"C:\Users\Admin\AppData\Local\Temp\96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe
"C:\Users\Admin\AppData\Local\Temp\96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad.exe"
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3856

C:\Users\Admin\AppData\Local\Temp\EAAF.exe
C:\Users\Admin\AppData\Local\Temp\EAAF.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1324

C:\Users\Admin\AppData\Local\Temp\EAAF.exe
C:\Users\Admin\AppData\Local\Temp\EAAF.exe
2⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:1396

C:\Users\Admin\AppData\Local\Temp\6416.exe
C:\Users\Admin\AppData\Local\Temp\6416.exe
1⤵
- Executes dropped EXE
PID:1412

C:\Users\Admin\AppData\Local\Temp\6B1C.exe
C:\Users\Admin\AppData\Local\Temp\6B1C.exe
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:1124

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\78B9.dll
1⤵
- Loads dropped DLL
PID:1176

C:\Users\Admin\AppData\Local\Temp\80B9.exe
C:\Users\Admin\AppData\Local\Temp\80B9.exe
1⤵
- Executes dropped EXE
PID:1052

C:\Users\Admin\AppData\Local\Temp\9A2E.exe
C:\Users\Admin\AppData\Local\Temp\9A2E.exe
1⤵
- Executes dropped EXE
PID:4060

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6416.exe
MD5
bce50d5b17bb88f22f0000511026520d

SHA1
599aaed4ee72ec0e0fc4cada844a1c210e332961

SHA256
77e40ca1c6001b2c01ef50b84585d68127eeb5691c899b049a9948fb60b13455

SHA512
c7dea899ed181efd0474a8b181b8fd8e91c734703a03ac71381e072684c93dd6d002629ffcfeefb15b6ca79ba1cf8cc62acd2b16fe7e0faed444c6f3eebb7536

Download Submit
C:\Users\Admin\AppData\Local\Temp\6416.exe
MD5
bce50d5b17bb88f22f0000511026520d

SHA1
599aaed4ee72ec0e0fc4cada844a1c210e332961

SHA256
77e40ca1c6001b2c01ef50b84585d68127eeb5691c899b049a9948fb60b13455

SHA512
c7dea899ed181efd0474a8b181b8fd8e91c734703a03ac71381e072684c93dd6d002629ffcfeefb15b6ca79ba1cf8cc62acd2b16fe7e0faed444c6f3eebb7536

Download Submit
C:\Users\Admin\AppData\Local\Temp\6B1C.exe
MD5
0cefed061e2a2241ecd302d7790a2f80

SHA1
5f119195af2db118c5fbac21634bea00f5d5b8da

SHA256
014ad60fd2c294dd8fb63c022961e17df1ba74bb1209a64634112913edc44983

SHA512
7b7e4460dad4f176b11a66a37bbc1b2fd2c7e042c5e949c72edcc3c93d9bb9d210d8ecc95d8aad533c761947958e008c4ced8b5faef9319ebb5bf29752381cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\6B1C.exe
MD5
0cefed061e2a2241ecd302d7790a2f80

SHA1
5f119195af2db118c5fbac21634bea00f5d5b8da

SHA256
014ad60fd2c294dd8fb63c022961e17df1ba74bb1209a64634112913edc44983

SHA512
7b7e4460dad4f176b11a66a37bbc1b2fd2c7e042c5e949c72edcc3c93d9bb9d210d8ecc95d8aad533c761947958e008c4ced8b5faef9319ebb5bf29752381cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\78B9.dll
MD5
d08fcd4a44230a79c94380f259b2ebc6

SHA1
6c80fd972746493c871372f96ad35d29d0bb6422

SHA256
54ff61f369d5c01b1770f8ad2fd7bc31373c7a54e14c7eadc63119d3e9cb38b6

SHA512
5ec0f7f82f2495754c74ae09958f74525bb72641fae73dff1feefb56d16cd9189ead0fb1a49b01f4768c16dc8dceff4ab490480ab2a180e483f2043b3607b9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\80B9.exe
MD5
c910c28e370e3e16c2a27e7acf65ea9a

SHA1
a25693d3842385bcde757b070e78973e43f37526

SHA256
5dc8f665251e67cf8f784e537df31894f9106d7dbdb72f35ce53b2c3ad357f0d

SHA512
624d164eda0b6f9a1c309539bc128c5b560c0a0013176eb4d9333055654cfa4243b2211c0b5ac3bf666036a1fdcc7c3e2999abb0e8ad3a6809bf4d2ddeaee230

Download Submit
C:\Users\Admin\AppData\Local\Temp\80B9.exe
MD5
c910c28e370e3e16c2a27e7acf65ea9a

SHA1
a25693d3842385bcde757b070e78973e43f37526

SHA256
5dc8f665251e67cf8f784e537df31894f9106d7dbdb72f35ce53b2c3ad357f0d

SHA512
624d164eda0b6f9a1c309539bc128c5b560c0a0013176eb4d9333055654cfa4243b2211c0b5ac3bf666036a1fdcc7c3e2999abb0e8ad3a6809bf4d2ddeaee230

Download Submit
C:\Users\Admin\AppData\Local\Temp\9A2E.exe
MD5
82647c7fd8bfcebe57a46f009285e030

SHA1
d602af33f0bb33493b0d3530ee9369b5cfe2df0a

SHA256
eefc11d7652518188e5cec696e4e45f774acc45b4d158cba71eb5a8cfe392736

SHA512
3c956fca15a15ef0e4804f51de7aa1cd2dbd829340558378350defbb2924986c72cce4af54b126e078d09d9acbe4bb435f1160944523f8fb6dbf871cbf546fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\9A2E.exe
MD5
82647c7fd8bfcebe57a46f009285e030

SHA1
d602af33f0bb33493b0d3530ee9369b5cfe2df0a

SHA256
eefc11d7652518188e5cec696e4e45f774acc45b4d158cba71eb5a8cfe392736

SHA512
3c956fca15a15ef0e4804f51de7aa1cd2dbd829340558378350defbb2924986c72cce4af54b126e078d09d9acbe4bb435f1160944523f8fb6dbf871cbf546fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAAF.exe
MD5
5dcb1b120e3fd1acdd5f222493bd19b8

SHA1
c1a2a5a269976b0e1ef333d71b6bac272d8f8077

SHA256
96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad

SHA512
0e34bd780fdcb8299b4111ed0c8f99a6f8a2d82e39f24f2282bb1f647b872c190a9d324f504446384d35ed0ce171235a4407923206644ec887cb7369fedfc786

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAAF.exe
MD5
5dcb1b120e3fd1acdd5f222493bd19b8

SHA1
c1a2a5a269976b0e1ef333d71b6bac272d8f8077

SHA256
96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad

SHA512
0e34bd780fdcb8299b4111ed0c8f99a6f8a2d82e39f24f2282bb1f647b872c190a9d324f504446384d35ed0ce171235a4407923206644ec887cb7369fedfc786

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAAF.exe
MD5
5dcb1b120e3fd1acdd5f222493bd19b8

SHA1
c1a2a5a269976b0e1ef333d71b6bac272d8f8077

SHA256
96bc2b106c58acdbddad04b6c1288b5d9939a14bc13d083db55aa453fac7a6ad

SHA512
0e34bd780fdcb8299b4111ed0c8f99a6f8a2d82e39f24f2282bb1f647b872c190a9d324f504446384d35ed0ce171235a4407923206644ec887cb7369fedfc786

Download Submit
\Users\Admin\AppData\Local\Temp\78B9.dll
MD5
d08fcd4a44230a79c94380f259b2ebc6

SHA1
6c80fd972746493c871372f96ad35d29d0bb6422

SHA256
54ff61f369d5c01b1770f8ad2fd7bc31373c7a54e14c7eadc63119d3e9cb38b6

SHA512
5ec0f7f82f2495754c74ae09958f74525bb72641fae73dff1feefb56d16cd9189ead0fb1a49b01f4768c16dc8dceff4ab490480ab2a180e483f2043b3607b9e2

Download Submit
memory/1052-164-0x0000000000000000-mapping.dmp

Download
memory/1052-167-0x0000000000EA0000-0x0000000000EE6000-memory.dmp

Filesize
280KB

Download
memory/1124-149-0x0000000005B60000-0x0000000005B61000-memory.dmp

Filesize
4KB

Download
memory/1124-171-0x0000000006A10000-0x0000000006A11000-memory.dmp

Filesize
4KB

Download
memory/1124-177-0x0000000007C20000-0x0000000007C21000-memory.dmp

Filesize
4KB

Download
memory/1124-176-0x0000000007520000-0x0000000007521000-memory.dmp

Filesize
4KB

Download
memory/1124-139-0x0000000001270000-0x00000000012D9000-memory.dmp

Filesize
420KB

Download
memory/1124-140-0x0000000001190000-0x0000000001191000-memory.dmp

Filesize
4KB

Download
memory/1124-141-0x0000000075C40000-0x0000000075E02000-memory.dmp

Filesize
1.8MB

Download
memory/1124-142-0x0000000076730000-0x0000000076821000-memory.dmp

Filesize
964KB

Download
memory/1124-143-0x0000000001270000-0x0000000001271000-memory.dmp

Filesize
4KB

Download
memory/1124-144-0x0000000002F70000-0x0000000002FB5000-memory.dmp

Filesize
276KB

Download
memory/1124-146-0x0000000071890000-0x0000000071910000-memory.dmp

Filesize
512KB

Download
memory/1124-147-0x0000000006060000-0x0000000006061000-memory.dmp

Filesize
4KB

Download
memory/1124-148-0x0000000005990000-0x0000000005991000-memory.dmp

Filesize
4KB

Download
memory/1124-172-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/1124-150-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1124-152-0x0000000005A40000-0x0000000005A41000-memory.dmp

Filesize
4KB

Download
memory/1124-151-0x0000000074090000-0x0000000074614000-memory.dmp

Filesize
5.5MB

Download
memory/1124-153-0x0000000074620000-0x0000000075968000-memory.dmp

Filesize
19.3MB

Download
memory/1124-154-0x0000000005A50000-0x0000000005A51000-memory.dmp

Filesize
4KB

Download
memory/1124-155-0x000000006FB00000-0x000000006FB4B000-memory.dmp

Filesize
300KB

Download
memory/1124-136-0x0000000000000000-mapping.dmp

Download
memory/1124-170-0x00000000068F0000-0x00000000068F1000-memory.dmp

Filesize
4KB

Download
memory/1124-169-0x0000000005D50000-0x0000000005D51000-memory.dmp

Filesize
4KB

Download
memory/1124-168-0x0000000006B70000-0x0000000006B71000-memory.dmp

Filesize
4KB

Download
memory/1176-159-0x0000000180000000-0x0000000180040000-memory.dmp

Filesize
256KB

Download
memory/1176-156-0x0000000000000000-mapping.dmp

Download
memory/1324-123-0x0000000000000000-mapping.dmp

Download
memory/1396-127-0x0000000000402F47-mapping.dmp

Download
memory/1412-134-0x0000000002100000-0x000000000218F000-memory.dmp

Filesize
572KB

Download
memory/1412-130-0x0000000000000000-mapping.dmp

Download
memory/1412-135-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2604-121-0x0000000002CE0000-0x0000000002CE9000-memory.dmp

Filesize
36KB

Download
memory/2604-120-0x0000000002CD0000-0x0000000002CD9000-memory.dmp

Filesize
36KB

Download
memory/3040-129-0x0000000002560000-0x0000000002576000-memory.dmp

Filesize
88KB

Download
memory/3040-122-0x00000000009A0000-0x00000000009B6000-memory.dmp

Filesize
88KB

Download
memory/3856-118-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3856-119-0x0000000000402F47-mapping.dmp

Download
memory/4060-173-0x0000000000000000-mapping.dmp

Download
memory/4060-178-0x0000000004820000-0x000000000486F000-memory.dmp

Filesize
316KB

Download
memory/4060-179-0x0000000004870000-0x00000000048FF000-memory.dmp

Filesize
572KB

Download
memory/4060-180-0x0000000000400000-0x0000000002BBC000-memory.dmp

Filesize
39.7MB

Download