2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

Analysis

max time kernel
151s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
15/04/2022, 08:58 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe
Size

2.2MB
MD5

41d2d84306230b4b34fd9bba81c8c266
SHA1

b50404acbac5c7d8315fecd477a1d43ddf6e812e
SHA256

2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8
SHA512

0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
1184	libmfxsw32.exe
1628	libmfxsw32.exe
1492	libmfxsw32.exe
636	libmfxsw32.exe
676	libmfxsw32.exe
1632	libmfxsw32.exe
388	libmfxsw32.exe
1824	libmfxsw32.exe

Modifies file permissions 1 TTPs 3 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1932	icacls.exe
1904	icacls.exe
648	icacls.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

AutoIT Executable 16 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/1772-64-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/1772-66-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/1772-68-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/1772-70-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/1772-71-0x0000000000427F4A-mapping.dmp	autoit_exe
behavioral1/memory/1772-74-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/1772-75-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/1492-111-0x0000000000427F4A-mapping.dmp	autoit_exe
behavioral1/memory/1492-115-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/1492-116-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/636-118-0x0000000000427F4A-mapping.dmp	autoit_exe
behavioral1/memory/636-124-0x0000000000190000-0x0000000000278000-memory.dmp	autoit_exe
behavioral1/memory/636-129-0x0000000000190000-0x0000000000278000-memory.dmp	autoit_exe
behavioral1/memory/1632-146-0x0000000000427F4A-mapping.dmp	autoit_exe
behavioral1/memory/1632-151-0x0000000000400000-0x00000000004E8000-memory.dmp	autoit_exe
behavioral1/memory/1824-167-0x0000000000427F4A-mapping.dmp	autoit_exe

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 784 set thread context of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 1184 set thread context of 1492	1184	libmfxsw32.exe	39
PID 1628 set thread context of 636	1628	libmfxsw32.exe	40
PID 676 set thread context of 1632	676	libmfxsw32.exe	42
PID 388 set thread context of 1824	388	libmfxsw32.exe	44

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe
1184	libmfxsw32.exe
1628	libmfxsw32.exe
676	libmfxsw32.exe
388	libmfxsw32.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1772	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe
Token: SeDebugPrivilege	1628	libmfxsw32.exe
Token: SeDebugPrivilege	1184	libmfxsw32.exe
Token: SeDebugPrivilege	676	libmfxsw32.exe
Token: SeDebugPrivilege	388	libmfxsw32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 784 wrote to memory of 1772	784	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	28
PID 1772 wrote to memory of 1952	1772	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	29
PID 1772 wrote to memory of 1952	1772	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	29
PID 1772 wrote to memory of 1952	1772	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	29
PID 1772 wrote to memory of 1952	1772	2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe	29
PID 1952 wrote to memory of 1904	1952	cmd.exe	31
PID 1952 wrote to memory of 1904	1952	cmd.exe	31
PID 1952 wrote to memory of 1904	1952	cmd.exe	31
PID 1952 wrote to memory of 1904	1952	cmd.exe	31
PID 1952 wrote to memory of 648	1952	cmd.exe	32
PID 1952 wrote to memory of 648	1952	cmd.exe	32
PID 1952 wrote to memory of 648	1952	cmd.exe	32
PID 1952 wrote to memory of 648	1952	cmd.exe	32
PID 1952 wrote to memory of 1932	1952	cmd.exe	33
PID 1952 wrote to memory of 1932	1952	cmd.exe	33
PID 1952 wrote to memory of 1932	1952	cmd.exe	33
PID 1952 wrote to memory of 1932	1952	cmd.exe	33
PID 1352 wrote to memory of 1628	1352	taskeng.exe	38
PID 1352 wrote to memory of 1628	1352	taskeng.exe	38
PID 1352 wrote to memory of 1628	1352	taskeng.exe	38
PID 1352 wrote to memory of 1628	1352	taskeng.exe	38
PID 1352 wrote to memory of 1184	1352	taskeng.exe	37
PID 1352 wrote to memory of 1184	1352	taskeng.exe	37
PID 1352 wrote to memory of 1184	1352	taskeng.exe	37
PID 1352 wrote to memory of 1184	1352	taskeng.exe	37
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1184 wrote to memory of 1492	1184	libmfxsw32.exe	39
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1628 wrote to memory of 636	1628	libmfxsw32.exe	40
PID 1352 wrote to memory of 676	1352	taskeng.exe	41
PID 1352 wrote to memory of 676	1352	taskeng.exe	41
PID 1352 wrote to memory of 676	1352	taskeng.exe	41
PID 1352 wrote to memory of 676	1352	taskeng.exe	41
PID 676 wrote to memory of 1632	676	libmfxsw32.exe	42
PID 676 wrote to memory of 1632	676	libmfxsw32.exe	42
PID 676 wrote to memory of 1632	676	libmfxsw32.exe	42

C:\Users\Admin\AppData\Local\Temp\2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe
"C:\Users\Admin\AppData\Local\Temp\2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:784
- C:\Users\Admin\AppData\Local\Temp\2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe
  "C:\Users\Admin\AppData\Local\Temp\2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe"
  2⤵
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c icacls "C:\Users\Admin\AppData\Roaming\Mxmetamux" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "C:\Users\Admin\AppData\Roaming\Mxmetamux" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)" & icacls "C:\Users\Admin\AppData\Roaming\Mxmetamux" /inheritance:e /deny "Admin:(R,REA,RA,RD)"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1952
  - - C:\Windows\SysWOW64\icacls.exe
      icacls "C:\Users\Admin\AppData\Roaming\Mxmetamux" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
      4⤵
      Modifies file permissions
      PID:1904
  - - C:\Windows\SysWOW64\icacls.exe
      icacls "C:\Users\Admin\AppData\Roaming\Mxmetamux" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
      4⤵
      Modifies file permissions
      PID:648
  - - C:\Windows\SysWOW64\icacls.exe
      icacls "C:\Users\Admin\AppData\Roaming\Mxmetamux" /inheritance:e /deny "Admin:(R,REA,RA,RD)"
      4⤵
      Modifies file permissions
      PID:1932

C:\Windows\system32\taskeng.exe
taskeng.exe {27DEB193-5500-4FB1-8F65-06B0795FA095} S-1-5-21-1819626980-2277161760-1023733287-1000:TBHNEBSE\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
  C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1184
- - C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
    "C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe"
    3⤵
    - Executes dropped EXE
    PID:1492
- C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
  C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
    "C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe"
    3⤵
    - Executes dropped EXE
    PID:636
- C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
  C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:676
- - C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
    "C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe"
    3⤵
    - Executes dropped EXE
    PID:1632
- C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
  C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:388
- - C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe
    "C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe"
    3⤵
    - Executes dropped EXE
    PID:1824

Network

DNS

iplogger.org

2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe

Remote address:

8.8.8.8:53

Request

iplogger.org

IN A

Response

iplogger.org

IN A

148.251.234.83

148.251.234.83:443

iplogger.org

tls

2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe

393 B
219 B
5
5
148.251.234.83:443

iplogger.org

tls

2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe

355 B
219 B
5
5
148.251.234.83:443

iplogger.org

tls

2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe

288 B
219 B
5
5
148.251.234.83:443

iplogger.org

2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe

190 B
92 B
4
2

8.8.8.8:53

iplogger.org

dns

2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8.exe

58 B
74 B
1
1

DNS Request

iplogger.org

DNS Response

148.251.234.83

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe

Filesize
2.2MB

MD5
41d2d84306230b4b34fd9bba81c8c266

SHA1
b50404acbac5c7d8315fecd477a1d43ddf6e812e

SHA256
2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

SHA512
0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe

Filesize
2.2MB

MD5
41d2d84306230b4b34fd9bba81c8c266

SHA1
b50404acbac5c7d8315fecd477a1d43ddf6e812e

SHA256
2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

SHA512
0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe

Filesize
2.2MB

MD5
41d2d84306230b4b34fd9bba81c8c266

SHA1
b50404acbac5c7d8315fecd477a1d43ddf6e812e

SHA256
2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

SHA512
0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe

Filesize
2.2MB

MD5
41d2d84306230b4b34fd9bba81c8c266

SHA1
b50404acbac5c7d8315fecd477a1d43ddf6e812e

SHA256
2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

SHA512
0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe

Filesize
2.2MB

MD5
41d2d84306230b4b34fd9bba81c8c266

SHA1
b50404acbac5c7d8315fecd477a1d43ddf6e812e

SHA256
2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

SHA512
0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe

Filesize
2.2MB

MD5
41d2d84306230b4b34fd9bba81c8c266

SHA1
b50404acbac5c7d8315fecd477a1d43ddf6e812e

SHA256
2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

SHA512
0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe

Filesize
2.2MB

MD5
41d2d84306230b4b34fd9bba81c8c266

SHA1
b50404acbac5c7d8315fecd477a1d43ddf6e812e

SHA256
2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

SHA512
0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mxmetamux\libmfxsw32.exe

Filesize
2.2MB

MD5
41d2d84306230b4b34fd9bba81c8c266

SHA1
b50404acbac5c7d8315fecd477a1d43ddf6e812e

SHA256
2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8

SHA512
0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Download Submit
memory/388-154-0x00000000005B0000-0x00000000005D4000-memory.dmp

Filesize
144KB

Download
memory/636-129-0x0000000000190000-0x0000000000278000-memory.dmp

Filesize
928KB

Download
memory/636-124-0x0000000000190000-0x0000000000278000-memory.dmp

Filesize
928KB

Download
memory/676-133-0x00000000004C0000-0x00000000004D2000-memory.dmp

Filesize
72KB

Download
memory/676-132-0x0000000000B70000-0x0000000000D8A000-memory.dmp

Filesize
2.1MB

Download
memory/784-55-0x0000000000380000-0x00000000003A0000-memory.dmp

Filesize
128KB

Download
memory/784-57-0x00000000004D0000-0x00000000004DC000-memory.dmp

Filesize
48KB

Download
memory/784-56-0x00000000003B0000-0x00000000003D4000-memory.dmp

Filesize
144KB

Download
memory/784-58-0x0000000000550000-0x0000000000562000-memory.dmp

Filesize
72KB

Download
memory/784-54-0x0000000000B70000-0x0000000000D8A000-memory.dmp

Filesize
2.1MB

Download
memory/1184-85-0x0000000000560000-0x0000000000584000-memory.dmp

Filesize
144KB

Download
memory/1184-87-0x00000000005A0000-0x00000000005B2000-memory.dmp

Filesize
72KB

Download
memory/1492-116-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1492-115-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1628-84-0x0000000000B70000-0x0000000000D8A000-memory.dmp

Filesize
2.1MB

Download
memory/1628-86-0x0000000000350000-0x0000000000374000-memory.dmp

Filesize
144KB

Download
memory/1632-151-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-66-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-64-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-74-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-73-0x0000000075701000-0x0000000075703000-memory.dmp

Filesize
8KB

Download
memory/1772-70-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-68-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-59-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-60-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-62-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1772-75-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download