bitrat | bb8298b28cd913814c41d7b6a878b8e2a2da7eb34083c901a5408413fed93b45

Analysis

max time kernel
147s
max time network
147s
platform
windows10_x64
resource
win10-en-20211208
submitted
07-01-2022 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9401cf9f73dfb187bf4cef05d8cfe72b.exe
Size

2.2MB
MD5

9401cf9f73dfb187bf4cef05d8cfe72b
SHA1

4af6544d8c94bb673f826a0ba4d24698150b1089
SHA256

bb8298b28cd913814c41d7b6a878b8e2a2da7eb34083c901a5408413fed93b45
SHA512

8438c79aa1ac9779bdab11a3f46f174aad97a7bc2fd1f571d42ef8817dc8477b68468be7445c789d125c1b8749338e047e20301d0a11b9e52dacf947abb65dd4

Score

10^/10

bitrat evasion persistence suricata trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.38

severdops.ddns.net:3071

Attributes

communication_password
29ef52e7563626a96cea7f4b4085c124
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat
Windows security bypass 2 TTPs
evasion trojan

Disabling Security Tools
T1089

Modify Registry
T1112
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata
Looks for VirtualBox Guest Additions in registry 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497
Looks for VMWare Tools registry key 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1032-167-0x0000000000400000-0x00000000007E5000-memory.dmp	upx
behavioral2/memory/1032-172-0x0000000000400000-0x00000000007E5000-memory.dmp	upx
behavioral2/memory/1032-181-0x0000000000400000-0x00000000007E5000-memory.dmp	upx

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

9401cf9f73dfb187bf4cef05d8cfe72b.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	9401cf9f73dfb187bf4cef05d8cfe72b.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	9401cf9f73dfb187bf4cef05d8cfe72b.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Windows security modification 2 TTPs 4 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

Processes:

9401cf9f73dfb187bf4cef05d8cfe72b.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths	9401cf9f73dfb187bf4cef05d8cfe72b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions	9401cf9f73dfb187bf4cef05d8cfe72b.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\Documents\TATTOOISTSEAB\svchost.exe = "0"	9401cf9f73dfb187bf4cef05d8cfe72b.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\9401cf9f73dfb187bf4cef05d8cfe72b.exe = "0"	9401cf9f73dfb187bf4cef05d8cfe72b.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

9401cf9f73dfb187bf4cef05d8cfe72b.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Windows\CurrentVersion\Run\WAISTERSFDC = "C:\\Users\\Public\\Documents\\TATTOOISTSEAB\\svchost.exe"	9401cf9f73dfb187bf4cef05d8cfe72b.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

9401cf9f73dfb187bf4cef05d8cfe72b.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	9401cf9f73dfb187bf4cef05d8cfe72b.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum\0	9401cf9f73dfb187bf4cef05d8cfe72b.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

vbc.exe

pid process

1032 vbc.exe
1032 vbc.exe
1032 vbc.exe
1032 vbc.exe
1032 vbc.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

9401cf9f73dfb187bf4cef05d8cfe72b.exe

description pid process target process

PID 2668 set thread context of 1032 2668 9401cf9f73dfb187bf4cef05d8cfe72b.exe vbc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1032	vbc.exe
1032	vbc.exe
1032	vbc.exe
1032	vbc.exe
1032	vbc.exe

description	pid	process	target process
PID 2668 set thread context of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

Processes:

9401cf9f73dfb187bf4cef05d8cfe72b.exepowershell.exepowershell.exepowershell.exe

pid	process
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2440	powershell.exe
2180	powershell.exe
2144	powershell.exe
2180	powershell.exe
2440	powershell.exe
2144	powershell.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2440	powershell.exe
2144	powershell.exe
2180	powershell.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

9401cf9f73dfb187bf4cef05d8cfe72b.exepowershell.exepowershell.exepowershell.exevbc.exe

description	pid	process
Token: SeDebugPrivilege	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe
Token: SeDebugPrivilege	2440	powershell.exe
Token: SeDebugPrivilege	2144	powershell.exe
Token: SeDebugPrivilege	2180	powershell.exe
Token: SeShutdownPrivilege	1032	vbc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

vbc.exe

pid process

1032 vbc.exe
1032 vbc.exe

pid	process
1032	vbc.exe
1032	vbc.exe

Suspicious use of WriteProcessMemory 26 IoCs

Processes:

9401cf9f73dfb187bf4cef05d8cfe72b.exe

description	pid	process	target process
PID 2668 wrote to memory of 2440	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 2440	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 2440	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 2180	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 2180	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 2180	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 2144	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 2144	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 2144	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	powershell.exe
PID 2668 wrote to memory of 828	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	aspnet_state.exe
PID 2668 wrote to memory of 828	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	aspnet_state.exe
PID 2668 wrote to memory of 828	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	aspnet_state.exe
PID 2668 wrote to memory of 1136	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	mscorsvw.exe
PID 2668 wrote to memory of 1136	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	mscorsvw.exe
PID 2668 wrote to memory of 1136	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	mscorsvw.exe
PID 2668 wrote to memory of 972	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	aspnet_regiis.exe
PID 2668 wrote to memory of 972	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	aspnet_regiis.exe
PID 2668 wrote to memory of 972	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	aspnet_regiis.exe
PID 2668 wrote to memory of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe
PID 2668 wrote to memory of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe
PID 2668 wrote to memory of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe
PID 2668 wrote to memory of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe
PID 2668 wrote to memory of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe
PID 2668 wrote to memory of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe
PID 2668 wrote to memory of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe
PID 2668 wrote to memory of 1032	2668	9401cf9f73dfb187bf4cef05d8cfe72b.exe	vbc.exe

C:\Users\Admin\AppData\Local\Temp\9401cf9f73dfb187bf4cef05d8cfe72b.exe
"C:\Users\Admin\AppData\Local\Temp\9401cf9f73dfb187bf4cef05d8cfe72b.exe"
1⤵
- Checks BIOS information in registry
- Windows security modification
- Adds Run key to start application
- Maps connected drives based on registry
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2668

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\TATTOOISTSEAB\svchost.exe" -Force
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2440

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\TATTOOISTSEAB\svchost.exe" -Force
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2180

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\9401cf9f73dfb187bf4cef05d8cfe72b.exe" -Force
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"
2⤵
PID:828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
2⤵
PID:1136

C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
2⤵
PID:972

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

T1064

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
MD5
db01a2c1c7e70b2b038edf8ad5ad9826

SHA1
540217c647a73bad8d8a79e3a0f3998b5abd199b

SHA256
413da361d77055dae7007f82b58b366c8783aa72e0b8fbe41519b940c253b38d

SHA512
c76ff57fcee5cdf9fdf3116d4e1dc0cf106867bf19ab474b763e242acf5dca9a7509cb837c35e130c3e056636b4e8a4e135512a978bcd3dd641e20f5bf76c3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
MD5
184ad2760f9aa2f6f9c4e8cd6b0c97b9

SHA1
856a0d12aad9c807a5092b2f0992aa0787c833a8

SHA256
784861d2266a0971ed6a6b5fffc4667f506f6a86fef3e1297880cb348cda57f2

SHA512
0e5fe071349894fbf7c0107803aae7b37c615031ffe6df496c198dd5f7f121901dd48e4dcbeba44b460dd26182efd95af7537f2ae34b245f1534a2828ee1fc39

Download Submit
memory/1032-181-0x0000000000400000-0x00000000007E5000-memory.dmp

Filesize
3.9MB

Download
memory/1032-167-0x0000000000400000-0x00000000007E5000-memory.dmp

Filesize
3.9MB

Download
memory/1032-168-0x00000000007E2730-mapping.dmp

Download
memory/1032-171-0x0000000004C40000-0x0000000004C41000-memory.dmp

Filesize
4KB

Download
memory/1032-172-0x0000000000400000-0x00000000007E5000-memory.dmp

Filesize
3.9MB

Download
memory/1032-170-0x0000000004C40000-0x0000000004C41000-memory.dmp

Filesize
4KB

Download
memory/2144-207-0x0000000008ED0000-0x0000000008F03000-memory.dmp

Filesize
204KB

Download
memory/2144-214-0x0000000007840000-0x00000000078A6000-memory.dmp

Filesize
408KB

Download
memory/2144-177-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/2144-174-0x0000000008080000-0x00000000080F6000-memory.dmp

Filesize
472KB

Download
memory/2144-147-0x0000000007040000-0x0000000007668000-memory.dmp

Filesize
6.2MB

Download
memory/2144-128-0x0000000000000000-mapping.dmp

Download
memory/2144-203-0x0000000008ED0000-0x0000000008F03000-memory.dmp

Filesize
204KB

Download
memory/2144-132-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/2144-200-0x0000000007040000-0x0000000007668000-memory.dmp

Filesize
6.2MB

Download
memory/2144-162-0x0000000007D10000-0x0000000007D2C000-memory.dmp

Filesize
112KB

Download
memory/2144-212-0x000000007EAF0000-0x000000007EAF1000-memory.dmp

Filesize
4KB

Download
memory/2144-210-0x0000000006E80000-0x0000000006EA2000-memory.dmp

Filesize
136KB

Download
memory/2144-135-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/2144-166-0x0000000007D50000-0x0000000007D9B000-memory.dmp

Filesize
300KB

Download
memory/2144-159-0x0000000007920000-0x0000000007C70000-memory.dmp

Filesize
3.3MB

Download
memory/2144-136-0x0000000001030000-0x0000000001031000-memory.dmp

Filesize
4KB

Download
memory/2144-156-0x00000000078B0000-0x0000000007916000-memory.dmp

Filesize
408KB

Download
memory/2144-153-0x0000000007840000-0x00000000078A6000-memory.dmp

Filesize
408KB

Download
memory/2144-139-0x00000000010C0000-0x00000000010F6000-memory.dmp

Filesize
216KB

Download
memory/2144-149-0x0000000006E80000-0x0000000006EA2000-memory.dmp

Filesize
136KB

Download
memory/2144-143-0x0000000001032000-0x0000000001033000-memory.dmp

Filesize
4KB

Download
memory/2180-158-0x00000000074B0000-0x0000000007800000-memory.dmp

Filesize
3.3MB

Download
memory/2180-134-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2180-211-0x00000000073A0000-0x0000000007406000-memory.dmp

Filesize
408KB

Download
memory/2180-145-0x0000000006D00000-0x0000000007328000-memory.dmp

Filesize
6.2MB

Download
memory/2180-215-0x0000000007440000-0x00000000074A6000-memory.dmp

Filesize
408KB

Download
memory/2180-142-0x0000000001212000-0x0000000001213000-memory.dmp

Filesize
4KB

Download
memory/2180-201-0x0000000006D00000-0x0000000007328000-memory.dmp

Filesize
6.2MB

Download
memory/2180-150-0x0000000006A80000-0x0000000006AA2000-memory.dmp

Filesize
136KB

Download
memory/2180-209-0x0000000006A80000-0x0000000006AA2000-memory.dmp

Filesize
136KB

Download
memory/2180-205-0x0000000008B00000-0x0000000008B33000-memory.dmp

Filesize
204KB

Download
memory/2180-202-0x0000000008B00000-0x0000000008B33000-memory.dmp

Filesize
204KB

Download
memory/2180-140-0x0000000000C90000-0x0000000000CC6000-memory.dmp

Filesize
216KB

Download
memory/2180-176-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2180-155-0x0000000007440000-0x00000000074A6000-memory.dmp

Filesize
408KB

Download
memory/2180-173-0x0000000007C20000-0x0000000007C96000-memory.dmp

Filesize
472KB

Download
memory/2180-152-0x00000000073A0000-0x0000000007406000-memory.dmp

Filesize
408KB

Download
memory/2180-127-0x0000000000000000-mapping.dmp

Download
memory/2180-130-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2180-138-0x0000000001210000-0x0000000001211000-memory.dmp

Filesize
4KB

Download
memory/2180-165-0x0000000007E40000-0x0000000007E8B000-memory.dmp

Filesize
300KB

Download
memory/2180-163-0x0000000007820000-0x000000000783C000-memory.dmp

Filesize
112KB

Download
memory/2440-161-0x0000000007830000-0x000000000784C000-memory.dmp

Filesize
112KB

Download
memory/2440-137-0x0000000003350000-0x0000000003386000-memory.dmp

Filesize
216KB

Download
memory/2440-131-0x00000000011E0000-0x00000000011E1000-memory.dmp

Filesize
4KB

Download
memory/2440-169-0x00000000086E0000-0x0000000008756000-memory.dmp

Filesize
472KB

Download
memory/2440-164-0x0000000008690000-0x00000000086DB000-memory.dmp

Filesize
300KB

Download
memory/2440-148-0x0000000007880000-0x0000000007EA8000-memory.dmp

Filesize
6.2MB

Download
memory/2440-160-0x0000000007F20000-0x0000000008270000-memory.dmp

Filesize
3.3MB

Download
memory/2440-146-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/2440-126-0x0000000000000000-mapping.dmp

Download
memory/2440-154-0x0000000007790000-0x00000000077F6000-memory.dmp

Filesize
408KB

Download
memory/2440-216-0x0000000007790000-0x00000000077F6000-memory.dmp

Filesize
408KB

Download
memory/2440-157-0x0000000007EB0000-0x0000000007F16000-memory.dmp

Filesize
408KB

Download
memory/2440-175-0x00000000011E0000-0x00000000011E1000-memory.dmp

Filesize
4KB

Download
memory/2440-151-0x00000000075A0000-0x00000000075C2000-memory.dmp

Filesize
136KB

Download
memory/2440-204-0x0000000007880000-0x0000000007EA8000-memory.dmp

Filesize
6.2MB

Download
memory/2440-208-0x0000000009710000-0x0000000009743000-memory.dmp

Filesize
204KB

Download
memory/2440-206-0x0000000009710000-0x0000000009743000-memory.dmp

Filesize
204KB

Download
memory/2440-129-0x00000000011E0000-0x00000000011E1000-memory.dmp

Filesize
4KB

Download
memory/2440-141-0x0000000007242000-0x0000000007243000-memory.dmp

Filesize
4KB

Download
memory/2440-213-0x00000000075A0000-0x00000000075C2000-memory.dmp

Filesize
136KB

Download
memory/2668-119-0x0000000004B10000-0x0000000004B18000-memory.dmp

Filesize
32KB

Download
memory/2668-115-0x0000000000180000-0x00000000003BC000-memory.dmp

Filesize
2.2MB

Download
memory/2668-122-0x0000000005F30000-0x000000000613C000-memory.dmp

Filesize
2.0MB

Download
memory/2668-121-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

Filesize
4KB

Download
memory/2668-124-0x0000000007900000-0x0000000007DFE000-memory.dmp

Filesize
5.0MB

Download
memory/2668-120-0x0000000004B30000-0x0000000004B38000-memory.dmp

Filesize
32KB

Download
memory/2668-123-0x0000000004D30000-0x0000000004DC4000-memory.dmp

Filesize
592KB

Download
memory/2668-125-0x0000000007570000-0x00000000075D6000-memory.dmp

Filesize
408KB

Download
memory/2668-144-0x00000000078C0000-0x00000000078CA000-memory.dmp

Filesize
40KB

Download
memory/2668-133-0x0000000008730000-0x00000000087C2000-memory.dmp

Filesize
584KB

Download
memory/2668-118-0x0000000004B00000-0x0000000004B08000-memory.dmp

Filesize
32KB

Download
memory/2668-117-0x0000000004AF0000-0x0000000004AF8000-memory.dmp

Filesize
32KB

Download
memory/2668-116-0x0000000004B90000-0x0000000004C2C000-memory.dmp

Filesize
624KB

Download