5e5c17140ce8829ed152d6fce28064e9f5693d789d9ffd2e6b45e330cf5f2207

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2022 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BLTools 1.9 [CRACKED BY INJUAN]/BLTools-v1.9.exe
Size

9.3MB
MD5

5b8fee9267593396b57d345a9afc7ddb
SHA1

264968d1bf7c1f6ad0ca4cbdeb89762ddd294948
SHA256

90dc5d6d2a6b8b4dc6b5f95c44d24b1b6e1916911b1b7a51dd97ed055156fddd
SHA512

69f9254f78f6ba09d456321cdc74dd74115debc5b91d4abf00cbf665d91ace2d1f4289ee0be9aa32a437b3d14d420b149e778a244c1478df59f3bc9a9571f085

Score

10^/10

evasion themida trojan

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

BLTools-v1.9.exe

description pid process target process

PID 620 created 3080 620 BLTools-v1.9.exe Explorer.EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

BLTools-v1.9.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ BLTools-v1.9.exe
Downloads MZ/PE file
Drops file in Drivers directory 1 IoCs

Processes:

BLTools v1.9.exe

description ioc process

File opened for modification C:\Windows\System32\drivers\etc\hosts BLTools v1.9.exe
Executes dropped EXE 2 IoCs

Processes:

BLTools v1.9.exeMpDlpCmd.exe

pid process

8 BLTools v1.9.exe
2120 MpDlpCmd.exe

description	pid	process	target process
PID 620 created 3080	620	BLTools-v1.9.exe	Explorer.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BLTools-v1.9.exe

description	ioc	process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	BLTools v1.9.exe

pid	process
8	BLTools v1.9.exe
2120	MpDlpCmd.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BLTools-v1.9.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BLTools-v1.9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BLTools-v1.9.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BLTools-v1.9.exeBLTools-v1.9.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Control Panel\International\Geo\Nation	BLTools-v1.9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Control Panel\International\Geo\Nation	BLTools-v1.9.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral4/memory/620-133-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp	themida
behavioral4/memory/620-134-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp	themida
behavioral4/memory/620-143-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp	themida
behavioral4/memory/3040-215-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

BLTools-v1.9.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA BLTools-v1.9.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BLTools-v1.9.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 19 IoCs

Processes:

BLTools-v1.9.exeMpDlpCmd.exe

pid	process
3040	BLTools-v1.9.exe
3040	BLTools-v1.9.exe
3040	BLTools-v1.9.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
3040	BLTools-v1.9.exe
2120	MpDlpCmd.exe
3040	BLTools-v1.9.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

BLTools-v1.9.exe

description pid process target process

PID 620 set thread context of 3040 620 BLTools-v1.9.exe BLTools-v1.9.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Modifies registry class 1 IoCs

Processes:

BLTools-v1.9.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ BLTools-v1.9.exe

description	pid	process	target process
PID 620 set thread context of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BLTools-v1.9.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

BLTools-v1.9.exeBLTools v1.9.exeMpDlpCmd.exe

pid	process
3040	BLTools-v1.9.exe
3040	BLTools-v1.9.exe
3040	BLTools-v1.9.exe
8	BLTools v1.9.exe
8	BLTools v1.9.exe
2120	MpDlpCmd.exe
2120	MpDlpCmd.exe
8	BLTools v1.9.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BLTools-v1.9.exe

description	pid	process
Token: SeDebugPrivilege	3040	BLTools-v1.9.exe
Token: SeIncreaseQuotaPrivilege	3040	BLTools-v1.9.exe
Token: SeSecurityPrivilege	3040	BLTools-v1.9.exe
Token: SeTakeOwnershipPrivilege	3040	BLTools-v1.9.exe
Token: SeLoadDriverPrivilege	3040	BLTools-v1.9.exe
Token: SeSystemProfilePrivilege	3040	BLTools-v1.9.exe
Token: SeSystemtimePrivilege	3040	BLTools-v1.9.exe
Token: SeProfSingleProcessPrivilege	3040	BLTools-v1.9.exe
Token: SeIncBasePriorityPrivilege	3040	BLTools-v1.9.exe
Token: SeCreatePagefilePrivilege	3040	BLTools-v1.9.exe
Token: SeBackupPrivilege	3040	BLTools-v1.9.exe
Token: SeRestorePrivilege	3040	BLTools-v1.9.exe
Token: SeShutdownPrivilege	3040	BLTools-v1.9.exe
Token: SeDebugPrivilege	3040	BLTools-v1.9.exe
Token: SeSystemEnvironmentPrivilege	3040	BLTools-v1.9.exe
Token: SeRemoteShutdownPrivilege	3040	BLTools-v1.9.exe
Token: SeUndockPrivilege	3040	BLTools-v1.9.exe
Token: SeManageVolumePrivilege	3040	BLTools-v1.9.exe
Token: 33	3040	BLTools-v1.9.exe
Token: 34	3040	BLTools-v1.9.exe
Token: 35	3040	BLTools-v1.9.exe
Token: 36	3040	BLTools-v1.9.exe
Token: SeIncreaseQuotaPrivilege	3040	BLTools-v1.9.exe
Token: SeSecurityPrivilege	3040	BLTools-v1.9.exe
Token: SeTakeOwnershipPrivilege	3040	BLTools-v1.9.exe
Token: SeLoadDriverPrivilege	3040	BLTools-v1.9.exe
Token: SeSystemProfilePrivilege	3040	BLTools-v1.9.exe
Token: SeSystemtimePrivilege	3040	BLTools-v1.9.exe
Token: SeProfSingleProcessPrivilege	3040	BLTools-v1.9.exe
Token: SeIncBasePriorityPrivilege	3040	BLTools-v1.9.exe
Token: SeCreatePagefilePrivilege	3040	BLTools-v1.9.exe
Token: SeBackupPrivilege	3040	BLTools-v1.9.exe
Token: SeRestorePrivilege	3040	BLTools-v1.9.exe
Token: SeShutdownPrivilege	3040	BLTools-v1.9.exe
Token: SeDebugPrivilege	3040	BLTools-v1.9.exe
Token: SeSystemEnvironmentPrivilege	3040	BLTools-v1.9.exe
Token: SeRemoteShutdownPrivilege	3040	BLTools-v1.9.exe
Token: SeUndockPrivilege	3040	BLTools-v1.9.exe
Token: SeManageVolumePrivilege	3040	BLTools-v1.9.exe
Token: 33	3040	BLTools-v1.9.exe
Token: 34	3040	BLTools-v1.9.exe
Token: 35	3040	BLTools-v1.9.exe
Token: 36	3040	BLTools-v1.9.exe
Token: SeIncreaseQuotaPrivilege	3040	BLTools-v1.9.exe
Token: SeSecurityPrivilege	3040	BLTools-v1.9.exe
Token: SeTakeOwnershipPrivilege	3040	BLTools-v1.9.exe
Token: SeLoadDriverPrivilege	3040	BLTools-v1.9.exe
Token: SeSystemProfilePrivilege	3040	BLTools-v1.9.exe
Token: SeSystemtimePrivilege	3040	BLTools-v1.9.exe
Token: SeProfSingleProcessPrivilege	3040	BLTools-v1.9.exe
Token: SeIncBasePriorityPrivilege	3040	BLTools-v1.9.exe
Token: SeCreatePagefilePrivilege	3040	BLTools-v1.9.exe
Token: SeBackupPrivilege	3040	BLTools-v1.9.exe
Token: SeRestorePrivilege	3040	BLTools-v1.9.exe
Token: SeShutdownPrivilege	3040	BLTools-v1.9.exe
Token: SeDebugPrivilege	3040	BLTools-v1.9.exe
Token: SeSystemEnvironmentPrivilege	3040	BLTools-v1.9.exe
Token: SeRemoteShutdownPrivilege	3040	BLTools-v1.9.exe
Token: SeUndockPrivilege	3040	BLTools-v1.9.exe
Token: SeManageVolumePrivilege	3040	BLTools-v1.9.exe
Token: 33	3040	BLTools-v1.9.exe
Token: 34	3040	BLTools-v1.9.exe
Token: 35	3040	BLTools-v1.9.exe
Token: 36	3040	BLTools-v1.9.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

BLTools-v1.9.exeBLTools-v1.9.exe

description	pid	process	target process
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 3040	620	BLTools-v1.9.exe	BLTools-v1.9.exe
PID 620 wrote to memory of 8	620	BLTools-v1.9.exe	BLTools v1.9.exe
PID 620 wrote to memory of 8	620	BLTools-v1.9.exe	BLTools v1.9.exe
PID 620 wrote to memory of 8	620	BLTools-v1.9.exe	BLTools v1.9.exe
PID 3040 wrote to memory of 2120	3040	BLTools-v1.9.exe	MpDlpCmd.exe
PID 3040 wrote to memory of 2120	3040	BLTools-v1.9.exe	MpDlpCmd.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\BLTools 1.9 [CRACKED BY INJUAN]\BLTools-v1.9.exe
"C:\Users\Admin\AppData\Local\Temp\BLTools 1.9 [CRACKED BY INJUAN]\BLTools-v1.9.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:620

C:\Users\Admin\AppData\Local\Temp\BLTools 1.9 [CRACKED BY INJUAN]\BLTools v1.9.exe
"C:\Users\Admin\AppData\Local\Temp\BLTools 1.9 [CRACKED BY INJUAN]\BLTools v1.9.exe"
3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:8

C:\Users\Admin\AppData\Local\Temp\BLTools 1.9 [CRACKED BY INJUAN]\BLTools-v1.9.exe
"C:\Users\Admin\AppData\Local\Temp\BLTools 1.9 [CRACKED BY INJUAN]\BLTools-v1.9.exe"
2⤵
- Checks computer location settings
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3040

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2120

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BLTools-v1.9.exe.log
Filesize
859B

MD5
6e11a15fe4491ead2a94f64d3467be38

SHA1
9a8329fb71ddc89dae9aa174c0b44a1f646efd63

SHA256
087cf6355ae9fc71eea2493b30c6b10a6775f3dd68b2cb5e07fcc13461b74248

SHA512
6154e320e2556aef177fc5bfb4e5fe8fabe324af736b89db4db41e6dd51658f7f6a7d0f73c24dc6ccdc4edf14023f4a1ecd0908abac5b82cebd038a93b2fc106

Download Submit
C:\Users\Admin\AppData\Local\Temp\BLTools 1.9 [CRACKED BY INJUAN]\BLTools v1.9.exe
Filesize
5.1MB

MD5
f36d71183fe68a91e94b2f6608700007

SHA1
e0c9afb2309e1d00dbb292a61c95feabee0ca1e5

SHA256
539301d8f1e30accc6f993a8c9bf3dc79196f864ef4455e07de6cdd46a17c305

SHA512
6a25d645f9247e5eea60de4a7e07b661d018cdb1eb2b7f92800124f4362351cc6dd9400fad596bcbcdfba9273037ba9c62fb61a4dfaafb50155b081b98dc84bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\BLTools 1.9 [CRACKED BY INJUAN]\BLTools v1.9.exe
Filesize
5.1MB

MD5
f36d71183fe68a91e94b2f6608700007

SHA1
e0c9afb2309e1d00dbb292a61c95feabee0ca1e5

SHA256
539301d8f1e30accc6f993a8c9bf3dc79196f864ef4455e07de6cdd46a17c305

SHA512
6a25d645f9247e5eea60de4a7e07b661d018cdb1eb2b7f92800124f4362351cc6dd9400fad596bcbcdfba9273037ba9c62fb61a4dfaafb50155b081b98dc84bd

Download Submit
memory/8-196-0x00000000069B0000-0x00000000069E8000-memory.dmp

Filesize
224KB

Download
memory/8-156-0x0000000005830000-0x0000000005890000-memory.dmp

Filesize
384KB

Download
memory/8-140-0x0000000000000000-mapping.dmp

Download
memory/8-157-0x0000000005C80000-0x0000000005CE6000-memory.dmp

Filesize
408KB

Download
memory/8-197-0x0000000006050000-0x000000000605E000-memory.dmp

Filesize
56KB

Download
memory/8-149-0x0000000000940000-0x0000000000E62000-memory.dmp

Filesize
5.1MB

Download
memory/8-195-0x0000000005F40000-0x0000000005F48000-memory.dmp

Filesize
32KB

Download
memory/8-205-0x000000000AA60000-0x000000000AA7C000-memory.dmp

Filesize
112KB

Download
memory/8-194-0x0000000005F60000-0x0000000005F84000-memory.dmp

Filesize
144KB

Download
memory/620-130-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp

Filesize
13.6MB

Download
memory/620-143-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp

Filesize
13.6MB

Download
memory/620-133-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp

Filesize
13.6MB

Download
memory/620-134-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp

Filesize
13.6MB

Download
memory/620-135-0x00007FFBFF200000-0x00007FFBFFCC1000-memory.dmp

Filesize
10.8MB

Download
memory/620-145-0x00007FFBFF200000-0x00007FFBFFCC1000-memory.dmp

Filesize
10.8MB

Download
memory/2120-210-0x0000000000A00000-0x00000000018EF000-memory.dmp

Filesize
14.9MB

Download
memory/2120-211-0x0000000000A00000-0x00000000018EF000-memory.dmp

Filesize
14.9MB

Download
memory/2120-202-0x0000000000000000-mapping.dmp

Download
memory/2120-212-0x0000000000A00000-0x00000000018EF000-memory.dmp

Filesize
14.9MB

Download
memory/2120-213-0x0000000000A00000-0x00000000018EF000-memory.dmp

Filesize
14.9MB

Download
memory/2120-214-0x00007FF443CE0000-0x00007FF4440B1000-memory.dmp

Filesize
3.8MB

Download
memory/2120-207-0x00007FF443CE0000-0x00007FF4440B1000-memory.dmp

Filesize
3.8MB

Download
memory/2120-206-0x0000000000A00000-0x00000000018EF000-memory.dmp

Filesize
14.9MB

Download
memory/2120-209-0x0000000000A00000-0x00000000018EF000-memory.dmp

Filesize
14.9MB

Download
memory/3040-154-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-163-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-168-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-167-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-166-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-165-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-170-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-173-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-172-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-174-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-175-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-177-0x00007FFC1CDA0000-0x00007FFC1CDB0000-memory.dmp

Filesize
64KB

Download
memory/3040-182-0x00007FFC1CF90000-0x00007FFC1CFA0000-memory.dmp

Filesize
64KB

Download
memory/3040-183-0x00007FFC1CF90000-0x00007FFC1CFA0000-memory.dmp

Filesize
64KB

Download
memory/3040-181-0x00007FFC1CF90000-0x00007FFC1CFA0000-memory.dmp

Filesize
64KB

Download
memory/3040-180-0x00007FFC1CCE0000-0x00007FFC1CCF0000-memory.dmp

Filesize
64KB

Download
memory/3040-179-0x00007FFC1CCE0000-0x00007FFC1CCF0000-memory.dmp

Filesize
64KB

Download
memory/3040-178-0x00007FFC1CDA0000-0x00007FFC1CDB0000-memory.dmp

Filesize
64KB

Download
memory/3040-176-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-184-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-171-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-164-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-162-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-185-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-186-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-187-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-188-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-169-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-190-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-191-0x00000000039F0000-0x0000000003A12000-memory.dmp

Filesize
136KB

Download
memory/3040-192-0x00007FFC1CFF0000-0x00007FFC1D000000-memory.dmp

Filesize
64KB

Download
memory/3040-193-0x00007FFBFF200000-0x00007FFBFFCC1000-memory.dmp

Filesize
10.8MB

Download
memory/3040-161-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-159-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-160-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-158-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-198-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp

Filesize
13.6MB

Download
memory/3040-199-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-200-0x00007FF48F330000-0x00007FF48F701000-memory.dmp

Filesize
3.8MB

Download
memory/3040-201-0x00007FFBFF200000-0x00007FFBFFCC1000-memory.dmp

Filesize
10.8MB

Download
memory/3040-152-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-155-0x00007FF48F330000-0x00007FF48F701000-memory.dmp

Filesize
3.8MB

Download
memory/3040-153-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-150-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-151-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-148-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-208-0x0000000026920000-0x00000000270C6000-memory.dmp

Filesize
7.6MB

Download
memory/3040-147-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-146-0x00007FFC1CC40000-0x00007FFC1CC50000-memory.dmp

Filesize
64KB

Download
memory/3040-144-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp

Filesize
13.6MB

Download
memory/3040-139-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-137-0x0000000140CC1968-mapping.dmp

Download
memory/3040-136-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-215-0x00007FF6E13D0000-0x00007FF6E2172000-memory.dmp

Filesize
13.6MB

Download
memory/3040-216-0x0000000140000000-0x0000000140CC6000-memory.dmp

Filesize
12.8MB

Download
memory/3040-217-0x00007FFBFF200000-0x00007FFBFFCC1000-memory.dmp

Filesize
10.8MB

Download