blacknet | dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594

Analysis

max time kernel
150s
max time network
145s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
28-08-2022 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe
Size

928KB
MD5

a1cb188468d9e8699e98a07eec4e1a86
SHA1

ed41e241d733496ad0edcfe3c2270c55f55884ca
SHA256

dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594
SHA512

8cf987d14158f78c69952a42dbbcc2861174331d034841a6d78e42926b470fa0e5f9a31740595b98b1c4e54028f6a9680d8790424f893918388d771c87438ce6
SSDEEP

12288:J4siGqKClDaPQ7xiGqKClDaPQ77CwMTnwtsX2aEiGqKClDaPQ7ViGqKClDaPQ7:JTfClh7xfClh72h2rfClh7VfClh7

Score

10^/10

blacknet uzvhe6 persistence trojan

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

uzVHE6

http://fakirlerclub.xyz/blacknet

Mutex

BN[fdc98aef8b987490ccd4d376d67d69a7]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
e162b1333458a713bc6916cc8ac4110c
startup
false
usb_spread
false

Signatures

BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet

BlackNET payload 3 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe	family_blacknet
C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe	family_blacknet
behavioral1/memory/1584-4413-0x00000000008B0000-0x00000000008CE000-memory.dmp	family_blacknet

Contains code to disable Windows Defender 3 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe	disable_win_def
C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe	disable_win_def
behavioral1/memory/1584-4413-0x00000000008B0000-0x00000000008CE000-memory.dmp	disable_win_def

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

BLACKNET.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe,\"C:\\Users\\Admin\\AppData\\Roaming\\Discord\\ServiceDefender.exe\","	BLACKNET.EXE

Downloads MZ/PE file
Executes dropped EXE 5 IoCs

Processes:

BLACKNET.EXESERVICEEDEFENDER.EXEWINDOWSDEFENDRSMARTSCREEN.EXEWINDOWSSECUTIYHALTHYSERVICE.EXEtmpED9C.tmp.exe

pid process

1900 BLACKNET.EXE
4716 SERVICEEDEFENDER.EXE
2136 WINDOWSDEFENDRSMARTSCREEN.EXE
4740 WINDOWSSECUTIYHALTHYSERVICE.EXE
1584 tmpED9C.tmp.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of SetThreadContext 1 IoCs

Processes:

BLACKNET.EXE

description pid process target process

PID 1900 set thread context of 1204 1900 BLACKNET.EXE InstallUtil.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4724 PING.EXE

pid	process
1900	BLACKNET.EXE
4716	SERVICEEDEFENDER.EXE
2136	WINDOWSDEFENDRSMARTSCREEN.EXE
4740	WINDOWSSECUTIYHALTHYSERVICE.EXE
1584	tmpED9C.tmp.exe

description	pid	process	target process
PID 1900 set thread context of 1204	1900	BLACKNET.EXE	InstallUtil.exe

pid	process
4724	PING.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

WINDOWSSECUTIYHALTHYSERVICE.EXEBLACKNET.EXESERVICEEDEFENDER.EXEWINDOWSDEFENDRSMARTSCREEN.EXEpowershell.exetmpED9C.tmp.exe

pid	process
4740	WINDOWSSECUTIYHALTHYSERVICE.EXE
1900	BLACKNET.EXE
4716	SERVICEEDEFENDER.EXE
2136	WINDOWSDEFENDRSMARTSCREEN.EXE
5080	powershell.exe
5080	powershell.exe
5080	powershell.exe
1900	BLACKNET.EXE
1900	BLACKNET.EXE
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

BLACKNET.EXEWINDOWSDEFENDRSMARTSCREEN.EXESERVICEEDEFENDER.EXEWINDOWSSECUTIYHALTHYSERVICE.EXEpowershell.exeInstallUtil.exetmpED9C.tmp.exe

description	pid	process
Token: SeDebugPrivilege	1900	BLACKNET.EXE
Token: SeDebugPrivilege	2136	WINDOWSDEFENDRSMARTSCREEN.EXE
Token: SeDebugPrivilege	4716	SERVICEEDEFENDER.EXE
Token: SeDebugPrivilege	4740	WINDOWSSECUTIYHALTHYSERVICE.EXE
Token: SeDebugPrivilege	5080	powershell.exe
Token: SeDebugPrivilege	1204	InstallUtil.exe
Token: SeDebugPrivilege	1584	tmpED9C.tmp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

tmpED9C.tmp.exe

pid process

1584 tmpED9C.tmp.exe
1584 tmpED9C.tmp.exe

pid	process
1584	tmpED9C.tmp.exe
1584	tmpED9C.tmp.exe

Suspicious use of WriteProcessMemory 29 IoCs

Processes:

dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exeBLACKNET.EXEInstallUtil.exetmpED9C.tmp.execmd.exe

description	pid	process	target process
PID 2692 wrote to memory of 1900	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	BLACKNET.EXE
PID 2692 wrote to memory of 1900	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	BLACKNET.EXE
PID 2692 wrote to memory of 1900	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	BLACKNET.EXE
PID 2692 wrote to memory of 4716	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	SERVICEEDEFENDER.EXE
PID 2692 wrote to memory of 4716	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	SERVICEEDEFENDER.EXE
PID 2692 wrote to memory of 4716	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	SERVICEEDEFENDER.EXE
PID 2692 wrote to memory of 2136	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	WINDOWSDEFENDRSMARTSCREEN.EXE
PID 2692 wrote to memory of 2136	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	WINDOWSDEFENDRSMARTSCREEN.EXE
PID 2692 wrote to memory of 2136	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	WINDOWSDEFENDRSMARTSCREEN.EXE
PID 2692 wrote to memory of 4740	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	WINDOWSSECUTIYHALTHYSERVICE.EXE
PID 2692 wrote to memory of 4740	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	WINDOWSSECUTIYHALTHYSERVICE.EXE
PID 2692 wrote to memory of 4740	2692	dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe	WINDOWSSECUTIYHALTHYSERVICE.EXE
PID 1900 wrote to memory of 5080	1900	BLACKNET.EXE	powershell.exe
PID 1900 wrote to memory of 5080	1900	BLACKNET.EXE	powershell.exe
PID 1900 wrote to memory of 5080	1900	BLACKNET.EXE	powershell.exe
PID 1900 wrote to memory of 1204	1900	BLACKNET.EXE	InstallUtil.exe
PID 1900 wrote to memory of 1204	1900	BLACKNET.EXE	InstallUtil.exe
PID 1900 wrote to memory of 1204	1900	BLACKNET.EXE	InstallUtil.exe
PID 1900 wrote to memory of 1204	1900	BLACKNET.EXE	InstallUtil.exe
PID 1900 wrote to memory of 1204	1900	BLACKNET.EXE	InstallUtil.exe
PID 1900 wrote to memory of 1204	1900	BLACKNET.EXE	InstallUtil.exe
PID 1900 wrote to memory of 1204	1900	BLACKNET.EXE	InstallUtil.exe
PID 1900 wrote to memory of 1204	1900	BLACKNET.EXE	InstallUtil.exe
PID 1204 wrote to memory of 1584	1204	InstallUtil.exe	tmpED9C.tmp.exe
PID 1204 wrote to memory of 1584	1204	InstallUtil.exe	tmpED9C.tmp.exe
PID 1584 wrote to memory of 1568	1584	tmpED9C.tmp.exe	cmd.exe
PID 1584 wrote to memory of 1568	1584	tmpED9C.tmp.exe	cmd.exe
PID 1568 wrote to memory of 4724	1568	cmd.exe	PING.EXE
PID 1568 wrote to memory of 4724	1568	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe
"C:\Users\Admin\AppData\Local\Temp\dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Roaming\BLACKNET.EXE
"C:\Users\Admin\AppData\Roaming\BLACKNET.EXE"
2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1900

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwAxAA==
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
3⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1204

C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1584

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping 1.1.1.1 -n 5 -w 5000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:1568

C:\Windows\system32\PING.EXE
ping 1.1.1.1 -n 5 -w 5000
6⤵
- Runs ping.exe
PID:4724

C:\Users\Admin\AppData\Roaming\SERVICEEDEFENDER.EXE
"C:\Users\Admin\AppData\Roaming\SERVICEEDEFENDER.EXE"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4716

C:\Users\Admin\AppData\Roaming\WINDOWSDEFENDRSMARTSCREEN.EXE
"C:\Users\Admin\AppData\Roaming\WINDOWSDEFENDRSMARTSCREEN.EXE"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2136

C:\Users\Admin\AppData\Roaming\WINDOWSSECUTIYHALTHYSERVICE.EXE
"C:\Users\Admin\AppData\Roaming\WINDOWSSECUTIYHALTHYSERVICE.EXE"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4740

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe
Filesize
99KB

MD5
b15b8d5c4bdc9694e7c8fbfba9f2d7cf

SHA1
6d6cd9b33d691c709eef1bce227a2966af32b050

SHA256
f80bf7bdeca461e9901eb8ab4143ea128d5557821c5f7e5b00ef921bda24c015

SHA512
28f3ce0b26b023116b24c9d8399fed056ccfae2c35b4e65a8adddf0804c8339d04809b9c3b2d94e55be0670e27920c73ffd68658cb16d3a172aef0c3179b6af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpED9C.tmp.exe
Filesize
99KB

MD5
b15b8d5c4bdc9694e7c8fbfba9f2d7cf

SHA1
6d6cd9b33d691c709eef1bce227a2966af32b050

SHA256
f80bf7bdeca461e9901eb8ab4143ea128d5557821c5f7e5b00ef921bda24c015

SHA512
28f3ce0b26b023116b24c9d8399fed056ccfae2c35b4e65a8adddf0804c8339d04809b9c3b2d94e55be0670e27920c73ffd68658cb16d3a172aef0c3179b6af0

Download Submit
C:\Users\Admin\AppData\Roaming\BLACKNET.EXE
Filesize
132KB

MD5
5361492a445395b3abdd3a8d430090dd

SHA1
a0f92e46bfcdcdda574130abd6f57a9e6b2a90f0

SHA256
1eebad9bce22f20abfb8b61eeeaf8ad1166fd23d8b350af22b06392c53bc2802

SHA512
92bf6b2fa52a208387bc5c5970d26208b91668e95196708bf393ff1a781fc4174cbbcf8942ce9fc4df2d6fdbe751a46517daa2c28081b4862434304deebda305

Download Submit
C:\Users\Admin\AppData\Roaming\BLACKNET.EXE
Filesize
132KB

MD5
5361492a445395b3abdd3a8d430090dd

SHA1
a0f92e46bfcdcdda574130abd6f57a9e6b2a90f0

SHA256
1eebad9bce22f20abfb8b61eeeaf8ad1166fd23d8b350af22b06392c53bc2802

SHA512
92bf6b2fa52a208387bc5c5970d26208b91668e95196708bf393ff1a781fc4174cbbcf8942ce9fc4df2d6fdbe751a46517daa2c28081b4862434304deebda305

Download Submit
C:\Users\Admin\AppData\Roaming\SERVICEEDEFENDER.EXE
Filesize
346KB

MD5
c21905b87778932cb51b4715d00e7e7e

SHA1
642c4371d36e27cb165a4eb0b7037d4eebdf4dd5

SHA256
4f120c8ebabebcb9de147e7e0d087b38d86c67aed5889b72a417afdba8008551

SHA512
213e611b240041b2e1eaa91d5d28cec7d309e06fc528e37cacc64b1014128f106e906bb1ccbdd22d6df59de938af5c76542e7f3f05534cb0662dff57adbedde3

Download Submit
C:\Users\Admin\AppData\Roaming\SERVICEEDEFENDER.EXE
Filesize
346KB

MD5
c21905b87778932cb51b4715d00e7e7e

SHA1
642c4371d36e27cb165a4eb0b7037d4eebdf4dd5

SHA256
4f120c8ebabebcb9de147e7e0d087b38d86c67aed5889b72a417afdba8008551

SHA512
213e611b240041b2e1eaa91d5d28cec7d309e06fc528e37cacc64b1014128f106e906bb1ccbdd22d6df59de938af5c76542e7f3f05534cb0662dff57adbedde3

Download Submit
C:\Users\Admin\AppData\Roaming\WINDOWSDEFENDRSMARTSCREEN.EXE
Filesize
132KB

MD5
17fb18573b1dc1054c54f75d03f6a654

SHA1
35215aab38d1c308f2ed7c42b0d363d083e2b23b

SHA256
d131775334ba49896d6566cc77063010bb6f2221ae4816e6dab133bad691f2f1

SHA512
b6e4ce10eb1342bcbddbb9801de1a7b78c6e385005914adbaad8580d4ceeb125202528d22b4c13ec3e7976f5a471ce7c763aea19eb980282627d0383ba712b3f

Download Submit
C:\Users\Admin\AppData\Roaming\WINDOWSDEFENDRSMARTSCREEN.EXE
Filesize
132KB

MD5
17fb18573b1dc1054c54f75d03f6a654

SHA1
35215aab38d1c308f2ed7c42b0d363d083e2b23b

SHA256
d131775334ba49896d6566cc77063010bb6f2221ae4816e6dab133bad691f2f1

SHA512
b6e4ce10eb1342bcbddbb9801de1a7b78c6e385005914adbaad8580d4ceeb125202528d22b4c13ec3e7976f5a471ce7c763aea19eb980282627d0383ba712b3f

Download Submit
C:\Users\Admin\AppData\Roaming\WINDOWSSECUTIYHALTHYSERVICE.EXE
Filesize
132KB

MD5
e8a55a613d23e48cec6bcffe953f422e

SHA1
3140be37c0cfc5d128ad7558ce88cb520ad4ee20

SHA256
bad7ea46205f801d461cd295f246b7ab6c8a0dbd6d93c0021f9e04b0c8f49f97

SHA512
dd6e34824d0811c3f7409bf8882b033bba270fc0d7a4d783d21359ac0043975700e0d1f6a08f33e41d8283eb1ba65881a29e67eaa3ea11ccc4d32eabaca28daf

Download Submit
C:\Users\Admin\AppData\Roaming\WINDOWSSECUTIYHALTHYSERVICE.EXE
Filesize
132KB

MD5
e8a55a613d23e48cec6bcffe953f422e

SHA1
3140be37c0cfc5d128ad7558ce88cb520ad4ee20

SHA256
bad7ea46205f801d461cd295f246b7ab6c8a0dbd6d93c0021f9e04b0c8f49f97

SHA512
dd6e34824d0811c3f7409bf8882b033bba270fc0d7a4d783d21359ac0043975700e0d1f6a08f33e41d8283eb1ba65881a29e67eaa3ea11ccc4d32eabaca28daf

Download Submit
memory/1204-2727-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1204-2591-0x0000000000402ECE-mapping.dmp

Download
memory/1568-4683-0x0000000000000000-mapping.dmp

Download
memory/1584-4413-0x00000000008B0000-0x00000000008CE000-memory.dmp

Filesize
120KB

Download
memory/1584-4400-0x0000000000000000-mapping.dmp

Download
memory/1900-177-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/1900-503-0x0000000006640000-0x0000000006662000-memory.dmp

Filesize
136KB

Download
memory/1900-518-0x00000000069C0000-0x0000000006D10000-memory.dmp

Filesize
3.3MB

Download
memory/1900-298-0x0000000000F60000-0x0000000000F86000-memory.dmp

Filesize
152KB

Download
memory/1900-481-0x0000000006200000-0x000000000642E000-memory.dmp

Filesize
2.2MB

Download
memory/1900-185-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/1900-181-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/1900-172-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/1900-162-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/1900-169-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/1900-158-0x0000000000000000-mapping.dmp

Download
memory/1900-160-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2136-307-0x0000000000B30000-0x0000000000B56000-memory.dmp

Filesize
152KB

Download
memory/2136-178-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2136-505-0x0000000005DE0000-0x0000000005FE6000-memory.dmp

Filesize
2.0MB

Download
memory/2136-165-0x0000000000000000-mapping.dmp

Download
memory/2136-168-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2136-173-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2136-182-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2136-186-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-130-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-156-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-153-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-154-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-155-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-117-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-157-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-144-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-142-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-128-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-141-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-139-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-140-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-138-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-118-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-129-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-151-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-137-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-150-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-120-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-136-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-121-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-122-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-135-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-134-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-123-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-149-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-133-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-131-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-132-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-124-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-143-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-148-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-145-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-119-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-152-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-125-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-126-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-147-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-116-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-146-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-127-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4716-171-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4716-301-0x0000000000D60000-0x0000000000DBC000-memory.dmp

Filesize
368KB

Download
memory/4716-183-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4716-482-0x0000000005F20000-0x00000000060B0000-memory.dmp

Filesize
1.6MB

Download
memory/4716-166-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4716-161-0x0000000000000000-mapping.dmp

Download
memory/4716-176-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4716-179-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4716-164-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4724-4769-0x0000000000000000-mapping.dmp

Download
memory/4740-180-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-175-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-170-0x0000000000000000-mapping.dmp

Download
memory/4740-187-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-184-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-480-0x0000000005750000-0x0000000005964000-memory.dmp

Filesize
2.1MB

Download
memory/4740-308-0x00000000004C0000-0x00000000004E6000-memory.dmp

Filesize
152KB

Download
memory/5080-937-0x0000000007560000-0x00000000075C6000-memory.dmp

Filesize
408KB

Download
memory/5080-1128-0x0000000008D40000-0x0000000008D5A000-memory.dmp

Filesize
104KB

Download
memory/5080-998-0x0000000007F80000-0x0000000007FF6000-memory.dmp

Filesize
472KB

Download
memory/5080-971-0x0000000007860000-0x00000000078AB000-memory.dmp

Filesize
300KB

Download
memory/5080-964-0x0000000007730000-0x000000000774C000-memory.dmp

Filesize
112KB

Download
memory/5080-784-0x0000000006E10000-0x0000000007438000-memory.dmp

Filesize
6.2MB

Download
memory/5080-763-0x00000000067A0000-0x00000000067D6000-memory.dmp

Filesize
216KB

Download
memory/5080-941-0x00000000078D0000-0x0000000007936000-memory.dmp

Filesize
408KB

Download
memory/5080-591-0x0000000000000000-mapping.dmp

Download
memory/5080-1124-0x00000000093C0000-0x0000000009A38000-memory.dmp

Filesize
6.5MB

Download