webmonitor | 6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352

Analysis

max time kernel
152s
max time network
190s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-07-2022 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe
Size

1.5MB
MD5

88c8dff86057cf7f4d3fb28f8b35ab39
SHA1

9dfa799ac2d6f228e81520fa5103f3fc1c077bdf
SHA256

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352
SHA512

6f74304a2b5b754ccfa55968cd5c1e798c34861cca067e23629da19cd61a68a43c3e918b6f46158a78d3a1c49d6b2260a2ace4d359d199543948b6aadc857c6c

Score

10^/10

webmonitor backdoor infostealer persistence rat upx

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

regasm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "\"C:\\Users\\Admin\\AppData\\Roaming\\wE8sDlaISYYagRJj\\BhxD8pPACouG.exe\",explorer.exe"	regasm.exe

RevcodeRat, WebMonitorRat
WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
backdoor rat infostealer webmonitor

WebMonitor payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1248-137-0x0000000000400000-0x00000000005F7000-memory.dmp	family_webmonitor
behavioral1/memory/1248-138-0x0000000000400000-0x00000000005F7000-memory.dmp	family_webmonitor
behavioral1/memory/1248-139-0x0000000002A60000-0x0000000003A60000-memory.dmp	family_webmonitor
behavioral1/memory/1248-140-0x0000000000400000-0x00000000005F7000-memory.dmp	family_webmonitor

Executes dropped EXE 2 IoCs

Processes:

f4-setup.exePatch.exe

pid process

1792 f4-setup.exe
436 Patch.exe

pid	process
1792	f4-setup.exe
436	Patch.exe

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1792-103-0x0000000000400000-0x0000000000537000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\f4-setup.exe	upx
C:\Users\Admin\AppData\Local\Temp\f4-setup.exe	upx
\Users\Admin\AppData\Local\Temp\f4-setup.exe	upx
\Users\Admin\AppData\Local\Temp\f4-setup.exe	upx
\Users\Admin\AppData\Local\Temp\f4-setup.exe	upx
\Users\Admin\AppData\Local\Temp\f4-setup.exe	upx
behavioral1/memory/1792-123-0x0000000000400000-0x0000000000537000-memory.dmp	upx
behavioral1/memory/1248-127-0x0000000000400000-0x00000000005F7000-memory.dmp	upx
behavioral1/memory/1248-129-0x0000000000400000-0x00000000005F7000-memory.dmp	upx
behavioral1/memory/1248-130-0x0000000000400000-0x00000000005F7000-memory.dmp	upx
behavioral1/memory/1248-133-0x0000000000400000-0x00000000005F7000-memory.dmp	upx
behavioral1/memory/1248-132-0x0000000000400000-0x00000000005F7000-memory.dmp	upx
behavioral1/memory/1248-136-0x0000000000400000-0x00000000005F7000-memory.dmp	upx
behavioral1/memory/1248-137-0x0000000000400000-0x00000000005F7000-memory.dmp	upx
behavioral1/memory/1248-138-0x0000000000400000-0x00000000005F7000-memory.dmp	upx
behavioral1/memory/1248-139-0x0000000002A60000-0x0000000003A60000-memory.dmp	upx
behavioral1/memory/1248-140-0x0000000000400000-0x00000000005F7000-memory.dmp	upx

Loads dropped DLL 8 IoCs

Processes:

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exef4-setup.exePatch.exe

pid	process
1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe
1792	f4-setup.exe
1792	f4-setup.exe
1792	f4-setup.exe
1792	f4-setup.exe
436	Patch.exe
436	Patch.exe
436	Patch.exe

Unexpected DNS network traffic destination 5 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 1.2.4.8
Destination IP 185.243.215.214
Destination IP 185.243.215.214
Destination IP 1.2.4.8
Destination IP 185.243.215.214

description	ioc
Destination IP	1.2.4.8
Destination IP	185.243.215.214
Destination IP	185.243.215.214
Destination IP	1.2.4.8
Destination IP	185.243.215.214

Suspicious use of SetThreadContext 2 IoCs

Processes:

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exeregasm.exe

description	pid	process	target process
PID 1480 set thread context of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 696 set thread context of 1248	696	regasm.exe	AppLaunch.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

regasm.exe

pid process

696 regasm.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe

pid process

1480 6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

regasm.exeAppLaunch.exe

description pid process

Token: SeDebugPrivilege 696 regasm.exe
Token: SeDebugPrivilege 1248 AppLaunch.exe
Token: SeShutdownPrivilege 1248 AppLaunch.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe

pid process

1480 6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe

pid	process
696	regasm.exe

description	pid	process
Token: SeDebugPrivilege	696	regasm.exe
Token: SeDebugPrivilege	1248	AppLaunch.exe
Token: SeShutdownPrivilege	1248	AppLaunch.exe

Suspicious use of WriteProcessMemory 33 IoCs

Processes:

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exef4-setup.exeregasm.exe

description	pid	process	target process
PID 1480 wrote to memory of 1792	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	f4-setup.exe
PID 1480 wrote to memory of 1792	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	f4-setup.exe
PID 1480 wrote to memory of 1792	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	f4-setup.exe
PID 1480 wrote to memory of 1792	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	f4-setup.exe
PID 1480 wrote to memory of 1792	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	f4-setup.exe
PID 1480 wrote to memory of 1792	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	f4-setup.exe
PID 1480 wrote to memory of 1792	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	f4-setup.exe
PID 1792 wrote to memory of 436	1792	f4-setup.exe	Patch.exe
PID 1792 wrote to memory of 436	1792	f4-setup.exe	Patch.exe
PID 1792 wrote to memory of 436	1792	f4-setup.exe	Patch.exe
PID 1792 wrote to memory of 436	1792	f4-setup.exe	Patch.exe
PID 1792 wrote to memory of 436	1792	f4-setup.exe	Patch.exe
PID 1792 wrote to memory of 436	1792	f4-setup.exe	Patch.exe
PID 1792 wrote to memory of 436	1792	f4-setup.exe	Patch.exe
PID 1480 wrote to memory of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 1480 wrote to memory of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 1480 wrote to memory of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 1480 wrote to memory of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 1480 wrote to memory of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 1480 wrote to memory of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 1480 wrote to memory of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 1480 wrote to memory of 696	1480	6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe	regasm.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe
PID 696 wrote to memory of 1248	696	regasm.exe	AppLaunch.exe

C:\Users\Admin\AppData\Local\Temp\6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe
"C:\Users\Admin\AppData\Local\Temp\6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480

C:\Users\Admin\AppData\Local\Temp\f4-setup.exe
"C:\Users\Admin\AppData\Local\Temp\f4-setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1792

C:\Users\Admin\AppData\Local\Temp\Patch.exe
Patch.exe /silent
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:436

C:\Windows\Microsoft.NET\Framework\v2.0.50727\regasm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\regasm.exe"
2⤵
- Modifies WinLogon for persistence
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:696

C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1248

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Patch.exe
Filesize
78KB

MD5
c8ecc6d21f0d96f5adb10ba0fad59327

SHA1
63f5f489890b0ea90327a551787120bc71559aed

SHA256
e652438962d628a62456c778b1693390423223dd12f5c233e361c5c5273ecec0

SHA512
27618145d7fabefae7f2fdd56b9b3d0ea6c624a6d6e833bff52bf2d87210b73536052640b39d3419808d02a7c7829b589292087f154ed494145b54ef1fab621a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Patch.exe
Filesize
78KB

MD5
c8ecc6d21f0d96f5adb10ba0fad59327

SHA1
63f5f489890b0ea90327a551787120bc71559aed

SHA256
e652438962d628a62456c778b1693390423223dd12f5c233e361c5c5273ecec0

SHA512
27618145d7fabefae7f2fdd56b9b3d0ea6c624a6d6e833bff52bf2d87210b73536052640b39d3419808d02a7c7829b589292087f154ed494145b54ef1fab621a

Download Submit
C:\Users\Admin\AppData\Local\Temp\f4-setup.exe
Filesize
361KB

MD5
40142677d0bb0ecaad6f45521581a8e3

SHA1
b107dea7dc8ec3d53769484173bf59b24a3a526a

SHA256
8592243aeb23282bb68e22aee5f3aa19288d289c554e6318ff92b3bb80fb2e24

SHA512
fa0a0e0e13f59f6169ad417842b04aa3fa66376a585995d9d1737fb655c46d44e2183209e1266909568c8f80ae9d6e43368d461f3d40be432f683ba2b7048e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\f4-setup.exe
Filesize
361KB

MD5
40142677d0bb0ecaad6f45521581a8e3

SHA1
b107dea7dc8ec3d53769484173bf59b24a3a526a

SHA256
8592243aeb23282bb68e22aee5f3aa19288d289c554e6318ff92b3bb80fb2e24

SHA512
fa0a0e0e13f59f6169ad417842b04aa3fa66376a585995d9d1737fb655c46d44e2183209e1266909568c8f80ae9d6e43368d461f3d40be432f683ba2b7048e59

Download Submit
\Users\Admin\AppData\Local\Temp\Patch.exe
Filesize
78KB

MD5
c8ecc6d21f0d96f5adb10ba0fad59327

SHA1
63f5f489890b0ea90327a551787120bc71559aed

SHA256
e652438962d628a62456c778b1693390423223dd12f5c233e361c5c5273ecec0

SHA512
27618145d7fabefae7f2fdd56b9b3d0ea6c624a6d6e833bff52bf2d87210b73536052640b39d3419808d02a7c7829b589292087f154ed494145b54ef1fab621a

Download Submit
\Users\Admin\AppData\Local\Temp\Patch.exe
Filesize
78KB

MD5
c8ecc6d21f0d96f5adb10ba0fad59327

SHA1
63f5f489890b0ea90327a551787120bc71559aed

SHA256
e652438962d628a62456c778b1693390423223dd12f5c233e361c5c5273ecec0

SHA512
27618145d7fabefae7f2fdd56b9b3d0ea6c624a6d6e833bff52bf2d87210b73536052640b39d3419808d02a7c7829b589292087f154ed494145b54ef1fab621a

Download Submit
\Users\Admin\AppData\Local\Temp\Patch.exe
Filesize
78KB

MD5
c8ecc6d21f0d96f5adb10ba0fad59327

SHA1
63f5f489890b0ea90327a551787120bc71559aed

SHA256
e652438962d628a62456c778b1693390423223dd12f5c233e361c5c5273ecec0

SHA512
27618145d7fabefae7f2fdd56b9b3d0ea6c624a6d6e833bff52bf2d87210b73536052640b39d3419808d02a7c7829b589292087f154ed494145b54ef1fab621a

Download Submit
\Users\Admin\AppData\Local\Temp\dup2patcher.dll
Filesize
72KB

MD5
f6a5ee057facebdbe0f7fcc684408bfe

SHA1
2481e7f2051d4563bdb161acc045c4a12054b9e0

SHA256
0716d3af51df49db26fa4856fbf219e23d2ae3ffe25272669c8cb5b527fbb6bf

SHA512
8153a568ea1f1f954721af33366ae81c00eb9950070004b5e5e2942073be9d6de012fe8233331c9f792f080442d973dd1713823bb6abb0ba0b55af544f6a10a8

Download Submit
\Users\Admin\AppData\Local\Temp\f4-setup.exe
Filesize
361KB

MD5
40142677d0bb0ecaad6f45521581a8e3

SHA1
b107dea7dc8ec3d53769484173bf59b24a3a526a

SHA256
8592243aeb23282bb68e22aee5f3aa19288d289c554e6318ff92b3bb80fb2e24

SHA512
fa0a0e0e13f59f6169ad417842b04aa3fa66376a585995d9d1737fb655c46d44e2183209e1266909568c8f80ae9d6e43368d461f3d40be432f683ba2b7048e59

Download Submit
\Users\Admin\AppData\Local\Temp\f4-setup.exe
Filesize
361KB

MD5
40142677d0bb0ecaad6f45521581a8e3

SHA1
b107dea7dc8ec3d53769484173bf59b24a3a526a

SHA256
8592243aeb23282bb68e22aee5f3aa19288d289c554e6318ff92b3bb80fb2e24

SHA512
fa0a0e0e13f59f6169ad417842b04aa3fa66376a585995d9d1737fb655c46d44e2183209e1266909568c8f80ae9d6e43368d461f3d40be432f683ba2b7048e59

Download Submit
\Users\Admin\AppData\Local\Temp\f4-setup.exe
Filesize
361KB

MD5
40142677d0bb0ecaad6f45521581a8e3

SHA1
b107dea7dc8ec3d53769484173bf59b24a3a526a

SHA256
8592243aeb23282bb68e22aee5f3aa19288d289c554e6318ff92b3bb80fb2e24

SHA512
fa0a0e0e13f59f6169ad417842b04aa3fa66376a585995d9d1737fb655c46d44e2183209e1266909568c8f80ae9d6e43368d461f3d40be432f683ba2b7048e59

Download Submit
\Users\Admin\AppData\Local\Temp\f4-setup.exe
Filesize
361KB

MD5
40142677d0bb0ecaad6f45521581a8e3

SHA1
b107dea7dc8ec3d53769484173bf59b24a3a526a

SHA256
8592243aeb23282bb68e22aee5f3aa19288d289c554e6318ff92b3bb80fb2e24

SHA512
fa0a0e0e13f59f6169ad417842b04aa3fa66376a585995d9d1737fb655c46d44e2183209e1266909568c8f80ae9d6e43368d461f3d40be432f683ba2b7048e59

Download Submit
memory/436-110-0x0000000000000000-mapping.dmp

Download
memory/696-125-0x00000000739F0000-0x0000000073F9B000-memory.dmp

Filesize
5.7MB

Download
memory/696-117-0x00000000004CDDAE-mapping.dmp

Download
memory/696-124-0x00000000003A6000-0x00000000003B7000-memory.dmp

Filesize
68KB

Download
memory/696-121-0x00000000739F0000-0x0000000073F9B000-memory.dmp

Filesize
5.7MB

Download
memory/696-120-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/1248-131-0x00000000005F5A70-mapping.dmp

Download
memory/1248-127-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-129-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-130-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-126-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-133-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-132-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-136-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-137-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-138-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-139-0x0000000002A60000-0x0000000003A60000-memory.dmp

Filesize
16.0MB

Download
memory/1248-140-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/1248-141-0x0000000002A60000-0x0000000003A60000-memory.dmp

Filesize
16.0MB

Download
memory/1480-97-0x00000000006D3000-0x000000000072E000-memory.dmp

Filesize
364KB

Download
memory/1480-91-0x0000000074F91000-0x0000000074F93000-memory.dmp

Filesize
8KB

Download
memory/1480-89-0x00000000006BE000-0x00000000006C3000-memory.dmp

Filesize
20KB

Download
memory/1480-95-0x00000000006D3000-0x000000000072E000-memory.dmp

Filesize
364KB

Download
memory/1480-99-0x00000000006D3000-0x000000000072E000-memory.dmp

Filesize
364KB

Download
memory/1480-100-0x0000000002D90000-0x0000000002EC7000-memory.dmp

Filesize
1.2MB

Download
memory/1480-104-0x00000000006D3000-0x000000000072E000-memory.dmp

Filesize
364KB

Download
memory/1480-105-0x00000000006D3000-0x000000000072E000-memory.dmp

Filesize
364KB

Download
memory/1480-102-0x00000000006D3000-0x000000000072E000-memory.dmp

Filesize
364KB

Download
memory/1480-119-0x00000000008C0000-0x00000000008C8000-memory.dmp

Filesize
32KB

Download
memory/1480-72-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-65-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-71-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-74-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-69-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-83-0x00000000006BE000-0x00000000006C3000-memory.dmp

Filesize
20KB

Download
memory/1480-92-0x00000000006BE000-0x00000000006C3000-memory.dmp

Filesize
20KB

Download
memory/1480-80-0x00000000006BE000-0x00000000006C3000-memory.dmp

Filesize
20KB

Download
memory/1480-56-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-57-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-59-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-62-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-63-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1480-77-0x00000000006BE000-0x00000000006C3000-memory.dmp

Filesize
20KB

Download
memory/1480-68-0x00000000006C8000-0x00000000006CB000-memory.dmp

Filesize
12KB

Download
memory/1792-94-0x0000000000000000-mapping.dmp

Download
memory/1792-123-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/1792-122-0x0000000000540000-0x0000000000677000-memory.dmp

Filesize
1.2MB

Download
memory/1792-103-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download