joker | c39c246ebb7f5386f1733f16f87cfff43e44b443ac3bcefab807dc2268ea6788

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2022 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62540809831ac4f0c48cb25cc71d0837.exe
Size

2.0MB
MD5

62540809831ac4f0c48cb25cc71d0837
SHA1

217e3ba4ddf575b5eefe85c7fe680098e10343ec
SHA256

c39c246ebb7f5386f1733f16f87cfff43e44b443ac3bcefab807dc2268ea6788
SHA512

2fc0c84a752b173797d757166a07b51322f24f260d0153fc4eebc7330b4cecddd564dc9dc0385961a2dd68e3dfdcc5aa8e112e96a1541d1162cadf6381671fdf
SSDEEP

49152:nnsHyjtk2MYC5GD/QwtUEB4WdXLLs8BE4c1yU:nnsmtk2aTwtXDHxE4qyU

Score

10^/10

joker bootkit infostealer persistence trojan upx

Malware Config

Extracted

Family

joker

http://guup.oss-cn-qingdao.aliyuncs.com

https://gutou.oss-cn-beijing.aliyuncs.com

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker
Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe
4356	Synaptics.exe
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe
1372	Bugreport-655840.dll

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000022e1e-134.dat	upx
behavioral2/files/0x0006000000022e1e-133.dat	upx
behavioral2/memory/4156-136-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-135-0x0000000000400000-0x0000000000807200-memory.dmp	upx
behavioral2/memory/4156-139-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-143-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-138-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-145-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-149-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-147-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-151-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-153-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-155-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-157-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-159-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-161-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-163-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-165-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-167-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-169-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-171-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-173-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-176-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-178-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-180-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-182-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-183-0x00000000026C0000-0x0000000002732000-memory.dmp	upx
behavioral2/memory/4156-184-0x00000000026C0000-0x0000000002732000-memory.dmp	upx
behavioral2/memory/4156-193-0x0000000000400000-0x0000000000807200-memory.dmp	upx
behavioral2/memory/4156-194-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/2144-197-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/2144-200-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4156-198-0x0000000000400000-0x0000000000807200-memory.dmp	upx
behavioral2/memory/2144-201-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/2144-203-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/2144-205-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/2144-207-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/2144-209-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/2144-211-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/2144-244-0x00000000026C0000-0x0000000002732000-memory.dmp	upx
behavioral2/memory/2144-246-0x0000000010000000-0x000000001003F000-memory.dmp	upx

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	62540809831ac4f0c48cb25cc71d0837.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	._cache_62540809831ac4f0c48cb25cc71d0837.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	62540809831ac4f0c48cb25cc71d0837.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	._cache_62540809831ac4f0c48cb25cc71d0837.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

N/A. 7 IoCs

N/A.

dropper

resource	yara_rule
behavioral2/memory/4156-135-0x0000000000400000-0x0000000000807200-memory.dmp	dropper_html
behavioral2/memory/4156-193-0x0000000000400000-0x0000000000807200-memory.dmp	dropper_html
behavioral2/files/0x0006000000022e29-196.dat	dropper_html
behavioral2/files/0x0006000000022e29-199.dat	dropper_html
behavioral2/memory/4156-198-0x0000000000400000-0x0000000000807200-memory.dmp	dropper_html
behavioral2/memory/2144-245-0x0000000000400000-0x00000000007FD000-memory.dmp	dropper_html
behavioral2/memory/2144-252-0x0000000000400000-0x00000000007FD000-memory.dmp	dropper_html

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	62540809831ac4f0c48cb25cc71d0837.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
792	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe
4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe
4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe
4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe
792	EXCEL.EXE
792	EXCEL.EXE
792	EXCEL.EXE
792	EXCEL.EXE
792	EXCEL.EXE
792	EXCEL.EXE
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe
2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe
1372	Bugreport-655840.dll

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 4156	1216	62540809831ac4f0c48cb25cc71d0837.exe	83
PID 1216 wrote to memory of 4156	1216	62540809831ac4f0c48cb25cc71d0837.exe	83
PID 1216 wrote to memory of 4156	1216	62540809831ac4f0c48cb25cc71d0837.exe	83
PID 1216 wrote to memory of 4356	1216	62540809831ac4f0c48cb25cc71d0837.exe	84
PID 1216 wrote to memory of 4356	1216	62540809831ac4f0c48cb25cc71d0837.exe	84
PID 1216 wrote to memory of 4356	1216	62540809831ac4f0c48cb25cc71d0837.exe	84
PID 4156 wrote to memory of 2144	4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe	97
PID 4156 wrote to memory of 2144	4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe	97
PID 4156 wrote to memory of 2144	4156	._cache_62540809831ac4f0c48cb25cc71d0837.exe	97
PID 2144 wrote to memory of 1372	2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe	101
PID 2144 wrote to memory of 1372	2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe	101
PID 2144 wrote to memory of 1372	2144	._cache_62540809831ac4f0c48cb25cc71d0837.exe	101

C:\Users\Admin\AppData\Local\Temp\62540809831ac4f0c48cb25cc71d0837.exe
"C:\Users\Admin\AppData\Local\Temp\62540809831ac4f0c48cb25cc71d0837.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Users\Admin\AppData\Local\Temp\._cache_62540809831ac4f0c48cb25cc71d0837.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_62540809831ac4f0c48cb25cc71d0837.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4156
- - C:\Users\Admin\AppData\Local\Temp\._cache_62540809831ac4f0c48cb25cc71d0837.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_62540809831ac4f0c48cb25cc71d0837.exe" ÃüÁîÆô¶¯
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\data\Bugreport-655840.dll
      C:\Users\Admin\AppData\Local\Temp\data\Bugreport-655840.dll Bugreport %E7%A7%92%E8%AF%84%E7%A7%92%20
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1372
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Executes dropped EXE
  PID:4356

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:792

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
753KB

MD5
f0d6f7620693fadae8964ac7a92bb0da

SHA1
863d1a064ffd90067487c426269959acf41a0559

SHA256
63b777a4a82c46a04288b3e8b005bbe9f4c3f08b16b2c09fed9ec8492176db65

SHA512
756678b26b38c1d4640e38f9cffef7386eb536a60b60cd19798337bb9688b2cd14bfe6192be53994cca20fe5d9439262ce425b8b907495c0069d485ab834ceda

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
753KB

MD5
f0d6f7620693fadae8964ac7a92bb0da

SHA1
863d1a064ffd90067487c426269959acf41a0559

SHA256
63b777a4a82c46a04288b3e8b005bbe9f4c3f08b16b2c09fed9ec8492176db65

SHA512
756678b26b38c1d4640e38f9cffef7386eb536a60b60cd19798337bb9688b2cd14bfe6192be53994cca20fe5d9439262ce425b8b907495c0069d485ab834ceda

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_62540809831ac4f0c48cb25cc71d0837.exe

Filesize
1.2MB

MD5
1b58e13a7e221f046ce2fff64c1fd9d9

SHA1
f56397b1f630ae4f9d63b6c79a20b31ba5759742

SHA256
7135f99452ec0ab61bbbf1936de001a5696f0842a89fd578562fa4c96d89e27e

SHA512
e37e1438b0bc3b5dec7ab8ba9faef546b2ec804117a4cadf95ceac1aa5ec7baebc5867dcb2c1a9a9f3dad3aa489ad4e03bd3fe594cc0d2b3ab4d9ad8555b9119

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_62540809831ac4f0c48cb25cc71d0837.exe

Filesize
1.2MB

MD5
1b58e13a7e221f046ce2fff64c1fd9d9

SHA1
f56397b1f630ae4f9d63b6c79a20b31ba5759742

SHA256
7135f99452ec0ab61bbbf1936de001a5696f0842a89fd578562fa4c96d89e27e

SHA512
e37e1438b0bc3b5dec7ab8ba9faef546b2ec804117a4cadf95ceac1aa5ec7baebc5867dcb2c1a9a9f3dad3aa489ad4e03bd3fe594cc0d2b3ab4d9ad8555b9119

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_62540809831ac4f0c48cb25cc71d0837.exe

Filesize
3.3MB

MD5
65f265ac4e76c5e76dc29c6b6073dceb

SHA1
5f6be73e42332c0557a14607785c555809ca7b4d

SHA256
e5accf6f73da12fe622465d24a6dd9a1635f2121a632b41710c0ff237a814243

SHA512
c00c6254bb3c3f6cd718a023f41994721d57ce2206e6060eacf3125b74ce96d068a502f32b3cd93603e82b9b84ada6c564e2e960ebf1ebb1b213face0abde201

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_62540809831ac4f0c48cb25cc71d0837.exe

Filesize
3.3MB

MD5
65f265ac4e76c5e76dc29c6b6073dceb

SHA1
5f6be73e42332c0557a14607785c555809ca7b4d

SHA256
e5accf6f73da12fe622465d24a6dd9a1635f2121a632b41710c0ff237a814243

SHA512
c00c6254bb3c3f6cd718a023f41994721d57ce2206e6060eacf3125b74ce96d068a502f32b3cd93603e82b9b84ada6c564e2e960ebf1ebb1b213face0abde201

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d2OKiXO.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\Bugreport-655840.dll

Filesize
164KB

MD5
64079dfdd179c3799bfd652ad155bd26

SHA1
b02ba7e29d3a5a85a1417bcac3dc4a82c614d1fa

SHA256
a21416d2bfa0476b965e98eef6551d54094cbc7bc34d43dd222434c56df1cbb2

SHA512
02df3dedd6bbbf256ff98871401e217c4d234f2a30c9470d14c52f86a8cef4384e1f0a9f0389e96e5f9a22ebb7f29b05d9dfc395e3231dc153da6b77e176de29

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\Bugreport-655840.dll

Filesize
164KB

MD5
64079dfdd179c3799bfd652ad155bd26

SHA1
b02ba7e29d3a5a85a1417bcac3dc4a82c614d1fa

SHA256
a21416d2bfa0476b965e98eef6551d54094cbc7bc34d43dd222434c56df1cbb2

SHA512
02df3dedd6bbbf256ff98871401e217c4d234f2a30c9470d14c52f86a8cef4384e1f0a9f0389e96e5f9a22ebb7f29b05d9dfc395e3231dc153da6b77e176de29

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\Bugreport.ini

Filesize
81B

MD5
964efc46dc78bc18a767bc7c8dad2361

SHA1
35ee870b7ce742041977024cafe08ce9e6a40815

SHA256
90f3e3c0a228aa380f0fe77d41e494362a3d38168b56288f35f00c947468acc7

SHA512
d80631bb8046ed53e5eac1efb678b29549c17a6d40f93c2f5b31d6af456d5f67c55c72b11b9c15197d000e6c08d7f9f6b74693f3e3306c962c5024f80016a79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gzip.dll

Filesize
29KB

MD5
8b3591965f623b219c0c528153746cab

SHA1
020961494fa0e08779b7aacf4422269935354f7d

SHA256
97ea3d99cf21123bc1aec72f9ded6a51ac659830392adfefd424eb799ab0219e

SHA512
6e547197d160c9ec13cf2384add1bb6753276e3dab97d951adba9257d6bf999720635a7b9d94a5ca8b94bdda2f25f36c5938d126bc3e46a358e1fad072132351

Download Submit
memory/792-185-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmp

Filesize
64KB

Download
memory/792-191-0x00007FF8A76C0000-0x00007FF8A76D0000-memory.dmp

Filesize
64KB

Download
memory/792-190-0x00007FF8A76C0000-0x00007FF8A76D0000-memory.dmp

Filesize
64KB

Download
memory/792-189-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmp

Filesize
64KB

Download
memory/792-188-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmp

Filesize
64KB

Download
memory/792-187-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmp

Filesize
64KB

Download
memory/792-186-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmp

Filesize
64KB

Download
memory/1372-251-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2144-203-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2144-252-0x0000000000400000-0x00000000007FD000-memory.dmp

Filesize
4.0MB

Download
memory/2144-245-0x0000000000400000-0x00000000007FD000-memory.dmp

Filesize
4.0MB

Download
memory/2144-246-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2144-244-0x00000000026C0000-0x0000000002732000-memory.dmp

Filesize
456KB

Download
memory/2144-211-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2144-209-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2144-207-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2144-205-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2144-201-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2144-200-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/2144-197-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-184-0x00000000026C0000-0x0000000002732000-memory.dmp

Filesize
456KB

Download
memory/4156-183-0x00000000026C0000-0x0000000002732000-memory.dmp

Filesize
456KB

Download
memory/4156-157-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-155-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-153-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-151-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-147-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-193-0x0000000000400000-0x0000000000807200-memory.dmp

Filesize
4.0MB

Download
memory/4156-194-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-161-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-149-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-163-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-145-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-165-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-198-0x0000000000400000-0x0000000000807200-memory.dmp

Filesize
4.0MB

Download
memory/4156-159-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-182-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-180-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-178-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-176-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-167-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-173-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-171-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-169-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-138-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-143-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-139-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4156-135-0x0000000000400000-0x0000000000807200-memory.dmp

Filesize
4.0MB

Download
memory/4156-136-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download