dfde4df8173b90daa38575d60c96bfc157e045a04e16e46bf073a64fdfd1285e

Analysis

max time kernel
151s
max time network
158s
platform
windows7_x64
resource
win7-20220414-en
submitted
09-06-2022 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

113ac743212e56ac38d22182d7b38385.exe
Size

196KB
MD5

113ac743212e56ac38d22182d7b38385
SHA1

f1098d33d3fe81e370ea1d75096f51d3bebcd855
SHA256

dfde4df8173b90daa38575d60c96bfc157e045a04e16e46bf073a64fdfd1285e
SHA512

ea3f71ea5a135c96a8b768ad4c1f5405892c28ec148981608de2433fdaca3bd80b2c90af5a39c9e67603829fabd1c60b11023511cc56f1d2d0106c747788c320

Score

10^/10

persistence suricata upx

Malware Config

Signatures

suricata: ET MALWARE Backdoor.Win32.Pushdo.s Checkin
suricata: ET MALWARE Backdoor.Win32.Pushdo.s Checkin
suricata
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
suricata

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/948-60-0x0000000004000000-0x0000000004215000-memory.dmp	upx
behavioral1/memory/948-64-0x0000000004000000-0x0000000004215000-memory.dmp	upx
behavioral1/memory/948-66-0x0000000004000000-0x0000000004215000-memory.dmp	upx
behavioral1/memory/924-69-0x0000000004000000-0x000000000408E000-memory.dmp	upx
behavioral1/memory/1716-78-0x0000000004000000-0x0000000004218000-memory.dmp	upx

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

svchost.exesvchost.exesvchost.exe113ac743212e56ac38d22182d7b38385.exesvchost.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Regedit32 = "C:\\Windows\\system32\\regedit.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Regedit32 = "C:\\Windows\\system32\\regedit.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Regedit32 = "C:\\Windows\\system32\\regedit.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\tibqanobatib = "C:\\Users\\Admin\\tibqanobatib.exe"	113ac743212e56ac38d22182d7b38385.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Regedit32 = "C:\\Windows\\system32\\regedit.exe"	svchost.exe

Suspicious use of SetThreadContext 11 IoCs

Processes:

113ac743212e56ac38d22182d7b38385.exesvchost.exesvchost.exe

description	pid	process	target process
PID 1216 set thread context of 948	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 set thread context of 924	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 set thread context of 1716	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 948 set thread context of 852	948	svchost.exe	svchost.exe
PID 1716 set thread context of 1536	1716	svchost.exe	svchost.exe
PID 948 set thread context of 1172	948	svchost.exe	svchost.exe
PID 948 set thread context of 1760	948	svchost.exe	svchost.exe
PID 1716 set thread context of 1072	1716	svchost.exe	svchost.exe
PID 948 set thread context of 1764	948	svchost.exe	svchost.exe
PID 1716 set thread context of 2172	1716	svchost.exe	svchost.exe
PID 1716 set thread context of 2528	1716	svchost.exe	svchost.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

113ac743212e56ac38d22182d7b38385.exe

pid process

1216 113ac743212e56ac38d22182d7b38385.exe

pid	process
1216	113ac743212e56ac38d22182d7b38385.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

113ac743212e56ac38d22182d7b38385.exesvchost.exesvchost.exe

description	pid	process	target process
PID 1216 wrote to memory of 948	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 948	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 948	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 948	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 948	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 948	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 924	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 924	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 924	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 924	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 924	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 924	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 948 wrote to memory of 852	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 852	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 852	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 852	948	svchost.exe	svchost.exe
PID 1216 wrote to memory of 1716	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 1716	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 1716	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 1716	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 1716	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 1216 wrote to memory of 1716	1216	113ac743212e56ac38d22182d7b38385.exe	svchost.exe
PID 948 wrote to memory of 852	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 852	948	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1536	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1536	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1536	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1536	1716	svchost.exe	svchost.exe
PID 948 wrote to memory of 852	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1172	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1172	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1172	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1172	948	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1536	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1536	1716	svchost.exe	svchost.exe
PID 948 wrote to memory of 1172	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1172	948	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1536	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1072	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1072	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1072	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1072	1716	svchost.exe	svchost.exe
PID 948 wrote to memory of 1172	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1760	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1760	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1760	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1760	948	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1072	1716	svchost.exe	svchost.exe
PID 948 wrote to memory of 1760	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1760	948	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1072	1716	svchost.exe	svchost.exe
PID 948 wrote to memory of 1760	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1764	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1764	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1764	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1764	948	svchost.exe	svchost.exe
PID 1716 wrote to memory of 1072	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 2172	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 2172	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 2172	1716	svchost.exe	svchost.exe
PID 1716 wrote to memory of 2172	1716	svchost.exe	svchost.exe
PID 948 wrote to memory of 1764	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1764	948	svchost.exe	svchost.exe
PID 948 wrote to memory of 1764	948	svchost.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\113ac743212e56ac38d22182d7b38385.exe
"C:\Users\Admin\AppData\Local\Temp\113ac743212e56ac38d22182d7b38385.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1216

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:948

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
- Adds Run key to start application
PID:852

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
- Adds Run key to start application
PID:1172

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
- Adds Run key to start application
PID:1760

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
- Adds Run key to start application
PID:1764

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:924

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1716

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
PID:1536

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
PID:1072

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
PID:2172

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
PID:2528

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\16R7PQKL.txt

Filesize
217B

MD5
e2a049c22770565d938106f28651e8cf

SHA1
84c4b03f3986e437bac8dd4243ece5e0ca2af8e9

SHA256
4e23bd9653cb89bdb21993d513ea2482b899009d27035b088ee8d06e2d73352e

SHA512
ad23a9945f2fb22ba46b5c943cf50b824aecef34aeeb616552f39bd41442d488512708056d7e5ca76e32f02a08fd8be328035d001f9b284db4c0932f91973d32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\91W2Z5K4.txt

Filesize
218B

MD5
bb42a5bf250be1ab51cb989a38a36d03

SHA1
589c4261abd3fe21de9f117a77280addb8951fe1

SHA256
885657d11abb93494309103eb5102a006e47978a2fd94e0219a981640db2098d

SHA512
72cea9b2cf64c6c898f10e799c7b4f18f860804a9e83e126ef9cd6b813fbbd61fe1a2027c677eff0622ab3ee7b62c250173ec50562811cf169fac335f5e49668

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\AMR1WEM4.txt

Filesize
217B

MD5
54f47aad750f88b4261055a8ca7e5e42

SHA1
331fbdd6de8545cc27962e99c3ca0c0bd3c83d04

SHA256
171230e75162ec8e7b2faa70fb478b3a6fbea6988b28be7f0047ddc20c4707c5

SHA512
92a520beb2c636fa1eae9c52a6ac4bf614d52f35deb89c83bea89f7b7cf7234ddb0a1d0d3f7822f4b59b68e2f42a9826b6305edfe37e29acc236accb1d0b67fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\G16OU12F.txt

Filesize
83B

MD5
001607ba6c09d1f9a3fe29c7ebb1a711

SHA1
81f8a0733d01d7085b7b61737f87940c0f9bc69b

SHA256
13d4e235496b0b1afa30050a4d0c6fa91a23034855c5a7c8721b1db0f50dea49

SHA512
a5b5a2f37c9aece31b23a8cb508f03982c40f9c538019ab5eb52430b36c30aeefde76b3816faa1c07e4ca231aef4b9ce63152a8060d213a12c7588a5084624a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H9BJXB5H.txt

Filesize
83B

MD5
b4208515581699146018fc12a6c83249

SHA1
8304df7d83b6ec58bfdcc9e916675c4158a1a20a

SHA256
c0c0c21b3b867c9c77a30f1035d85c78d25a8b33bfd3444abcb179579f0bd51b

SHA512
9a855e47d9ed740ca61dab2b5da7a09a3cb8c98997d1b1f68f595d25848e370ece971c8baa6f8014b2e98199f68eba27e5a71487cd9f4ce4ebc0f6e2727ffde5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IRB5I2VE.txt

Filesize
83B

MD5
3efe538cb428c78c237d9c5ca5c298f8

SHA1
16d11644bd204507dc269f7f35685e6ee1e92adc

SHA256
7e7bcc0fe64e900252de60a4439af0b5bd6b4c24382e164f2748104ba34ed604

SHA512
94f6398d85cd0f38867253c068063c5a0fa3759a83ae154e29b1be79eb9f0736b4b4e0574ce6d41bead054fe391f99f7254135672b2043d4a1557bfb74ce9e43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LBRJKVFB.txt

Filesize
213B

MD5
656718b1f5d92b8b1387db2ee1b3bd21

SHA1
fa2e48ff0cb4897f7667380ad18689dcaeeb507f

SHA256
450dc5125d3f5ad2d069c6f52196fb1e15d46ab7ee7b36910cf1a69fd029cd49

SHA512
1ff299cc7864b87de1163b6ebf57a67d06f82f7d9df6f968ceb9d89e38f379181811bb2963baf1e43062893b3519493cf4939df488f650c44a126f3d4746735a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MM5982GG.txt

Filesize
217B

MD5
5da7a7354cca78b759299f8fd39f09fc

SHA1
eb152b7305d85bacfc7a351d6cec957b64f57daf

SHA256
1e335c0cd3e4ad6944a289c3f25e4aaf6f0cc8ea1ff0b7c2dd08fa04e9c06c49

SHA512
b13ad22206b21fc221cc31a31fb7393662bc036fc59317c08d7c53cae1900d7cd02735eec5a08a67a8e0e65c99865c854b4c3b1e3e3f20b5bab0eb549b1bf583

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PLLT7V6Y.txt

Filesize
217B

MD5
87e9f284a6139524d2ed025a7d5ec153

SHA1
2ffb4263b13391f262d7ac9765215b7ad99acf9b

SHA256
3abdeea028874229671d34a45694546f47a187ded6a1a8d60fc355fcfcbfe7e0

SHA512
36587675628b9e17963854e67a85d3414975a8fde5e187f65851ce48adbb5bb0fcc902c2e948763503f0c4a698bf2d1bfbb7b31bf622ca39db48e777a35356c6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R0WP5K0C.txt

Filesize
178B

MD5
00b4a4931166eb80968f6720a6d40b3f

SHA1
ff800335f5fed620a4911639821b48ccf252d874

SHA256
b5412ea5b80ce370ee4f01fee9b886ffb5b9eb72490e0cec409d8633e380a90b

SHA512
559ad411e93078e0b194c89938abf472218c3d625afbd8217dfe72c6657a44833f87cdda6fe690e5abd00bcd3f4b2e90743f71f03b22aca5d0e2a1dabe047f21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U3SUY4FL.txt

Filesize
86B

MD5
f692618651ec105e7c0070851eb8aba9

SHA1
6f4170797b1bd2453da3cb03b8af6c53932b9df2

SHA256
8566cc5bc1cea46581153f89664eb0e57e976668d2e0ec384cb8e7ffc440f50d

SHA512
8a6e52c5f09b6b121a7d49bd86d94622d7ed8da134ab52af6bbd6356aa4ad149dd12e20aa04023d6901a69cd9ee039ceef3df79ed1b80360ef7a36a7950b6bf8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZRE51HFM.txt

Filesize
101B

MD5
fbe803125186e2bd5685fb3bcb6ab140

SHA1
5c0318e8b799c2efe21b44ca9e67e9b7d2cb6473

SHA256
d7624a3520e2319ed60183cbcd8fa2d8ee7a696d9dc0593ffe07ab2186da01c1

SHA512
baf5f9b00447afe9bb4c91dfe8e5778e3a898100d9747c9136fe76162fdc330a5923e9caa881f1923890c44fc9a222343e027bab52194b07e39762d063d18c3b

Download Submit
memory/852-99-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/852-82-0x0000000004000000-0x0000000004007000-memory.dmp

Filesize
28KB

Download
memory/852-71-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/852-130-0x0000000004000000-0x0000000004007000-memory.dmp

Filesize
28KB

Download
memory/852-168-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/852-124-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/852-76-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/852-80-0x0000000013143509-mapping.dmp

Download
memory/924-67-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/924-69-0x0000000004000000-0x000000000408E000-memory.dmp

Filesize
568KB

Download
memory/924-63-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/924-68-0x0000000000401000-mapping.dmp

Download
memory/924-70-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/948-61-0x0000000004212E80-mapping.dmp

Download
memory/948-66-0x0000000004000000-0x0000000004215000-memory.dmp

Filesize
2.1MB

Download
memory/948-64-0x0000000004000000-0x0000000004215000-memory.dmp

Filesize
2.1MB

Download
memory/948-58-0x0000000004000000-0x0000000004215000-memory.dmp

Filesize
2.1MB

Download
memory/948-60-0x0000000004000000-0x0000000004215000-memory.dmp

Filesize
2.1MB

Download
memory/1072-153-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1072-173-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1072-112-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1072-116-0x0000000013143519-mapping.dmp

Download
memory/1072-125-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1072-155-0x0000000004000000-0x0000000004007000-memory.dmp

Filesize
28KB

Download
memory/1172-91-0x0000000013143509-mapping.dmp

Download
memory/1172-131-0x0000000004000000-0x0000000004007000-memory.dmp

Filesize
28KB

Download
memory/1172-104-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1172-128-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1172-170-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1172-89-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1216-54-0x000000000050F000-0x000000000051A000-memory.dmp

Filesize
44KB

Download
memory/1216-162-0x000000000050F000-0x000000000051A000-memory.dmp

Filesize
44KB

Download
memory/1216-55-0x0000000000220000-0x0000000000233000-memory.dmp

Filesize
76KB

Download
memory/1216-56-0x0000000004000000-0x00000000044FB000-memory.dmp

Filesize
5.0MB

Download
memory/1216-163-0x0000000004000000-0x00000000044FB000-memory.dmp

Filesize
5.0MB

Download
memory/1216-57-0x0000000075951000-0x0000000075953000-memory.dmp

Filesize
8KB

Download
memory/1536-90-0x0000000013143504-mapping.dmp

Download
memory/1536-88-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1536-171-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1536-129-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1536-132-0x0000000004000000-0x0000000004007000-memory.dmp

Filesize
28KB

Download
memory/1536-105-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1716-77-0x0000000000401000-mapping.dmp

Download
memory/1716-87-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/1716-73-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/1716-75-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/1716-78-0x0000000004000000-0x0000000004218000-memory.dmp

Filesize
2.1MB

Download
memory/1760-108-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1760-109-0x0000000013143509-mapping.dmp

Download
memory/1760-150-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1760-117-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1760-172-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1760-133-0x0000000004000000-0x0000000004007000-memory.dmp

Filesize
28KB

Download
memory/1764-174-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1764-134-0x0000000013143509-mapping.dmp

Download
memory/1764-126-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/1764-157-0x0000000004000000-0x0000000004007000-memory.dmp

Filesize
28KB

Download
memory/1764-158-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/2172-141-0x0000000013143529-mapping.dmp

Download
memory/2172-164-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download
memory/2172-165-0x0000000004000000-0x0000000004007000-memory.dmp

Filesize
28KB

Download
memory/2528-151-0x0000000013143529-mapping.dmp

Download
memory/2528-166-0x0000000013140000-0x0000000014690000-memory.dmp

Filesize
21.3MB

Download