systembc | ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2

Analysis

max time kernel
254s
max time network
297s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
24-09-2022 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exe
Size

246KB
MD5

e6315c0db5f71599df36d466d4a625cc
SHA1

d5c3975b8eee303d5dc5d5f273c59ba4d810bc23
SHA256

ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2
SHA512

6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0
SSDEEP

3072:igrSLIRLP9sEd7LyJLRRY5cjM2P9Q85i8u0TRki1duyuybAugRv8P3wbbD03QN4k:xLW/4j8u0TjcYYRg3CAQN4Ap

Score

10^/10

systembc persistence spyware stealer trojan upx

Malware Config

Extracted

Family

systembc

109.107.187.226:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Downloads MZ/PE file

Executes dropped EXE 10 IoCs

Processes:

rovwer.exesocksupd.exerovwer.exewinupdater.exelbil.exerovwer.exelbil.exerovwer.exerovwer.exerovwer.exe

pid	process
1836	rovwer.exe
4944	socksupd.exe
3032	rovwer.exe
4492	winupdater.exe
4504	lbil.exe
2488	rovwer.exe
2764	lbil.exe
4848	rovwer.exe
5108	rovwer.exe
4416	rovwer.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\1000004001\winupdater.exe	upx
C:\Users\Admin\AppData\Local\Temp\1000004001\winupdater.exe	upx
behavioral2/memory/4492-335-0x00000000001B0000-0x000000000144F000-memory.dmp	upx
behavioral2/memory/4492-416-0x00000000001B0000-0x000000000144F000-memory.dmp	upx
behavioral2/memory/4492-435-0x00000000001B0000-0x000000000144F000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

rovwer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Windows\CurrentVersion\Run\socksupd.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000003001\\socksupd.exe"	rovwer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000004001\\winupdater.exe"	rovwer.exe

Drops file in Windows directory 2 IoCs

Processes:

socksupd.exe

description ioc process

File created C:\Windows\Tasks\lbil.job socksupd.exe
File opened for modification C:\Windows\Tasks\lbil.job socksupd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

1224 schtasks.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

socksupd.exepowershell.exe

pid process

4944 socksupd.exe
4944 socksupd.exe
4220 powershell.exe
4220 powershell.exe
4220 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 4220 powershell.exe

description	ioc	process
File created	C:\Windows\Tasks\lbil.job	socksupd.exe
File opened for modification	C:\Windows\Tasks\lbil.job	socksupd.exe

pid	process
1224	schtasks.exe

pid	process
4944	socksupd.exe
4944	socksupd.exe
4220	powershell.exe
4220	powershell.exe
4220	powershell.exe

description	pid	process
Token: SeDebugPrivilege	4220	powershell.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exerovwer.exewinupdater.exe

description	pid	process	target process
PID 2684 wrote to memory of 1836	2684	ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exe	rovwer.exe
PID 2684 wrote to memory of 1836	2684	ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exe	rovwer.exe
PID 2684 wrote to memory of 1836	2684	ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exe	rovwer.exe
PID 1836 wrote to memory of 1224	1836	rovwer.exe	schtasks.exe
PID 1836 wrote to memory of 1224	1836	rovwer.exe	schtasks.exe
PID 1836 wrote to memory of 1224	1836	rovwer.exe	schtasks.exe
PID 1836 wrote to memory of 4944	1836	rovwer.exe	socksupd.exe
PID 1836 wrote to memory of 4944	1836	rovwer.exe	socksupd.exe
PID 1836 wrote to memory of 4944	1836	rovwer.exe	socksupd.exe
PID 1836 wrote to memory of 4492	1836	rovwer.exe	winupdater.exe
PID 1836 wrote to memory of 4492	1836	rovwer.exe	winupdater.exe
PID 4492 wrote to memory of 4220	4492	winupdater.exe	powershell.exe
PID 4492 wrote to memory of 4220	4492	winupdater.exe	powershell.exe

C:\Users\Admin\AppData\Local\Temp\ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exe
"C:\Users\Admin\AppData\Local\Temp\ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2684

C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
"C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1836

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN rovwer.exe /TR "C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe" /F
3⤵
- Creates scheduled task(s)
PID:1224

C:\Users\Admin\AppData\Local\Temp\1000003001\socksupd.exe
"C:\Users\Admin\AppData\Local\Temp\1000003001\socksupd.exe"
3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:4944

C:\Users\Admin\AppData\Local\Temp\1000004001\winupdater.exe
"C:\Users\Admin\AppData\Local\Temp\1000004001\winupdater.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4492

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "" "Get-WmiObject Win32_PortConnector"
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4220

C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
1⤵
- Executes dropped EXE
PID:3032

C:\ProgramData\xsfgtxa\lbil.exe
C:\ProgramData\xsfgtxa\lbil.exe start2
1⤵
- Executes dropped EXE
PID:4504

C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
1⤵
- Executes dropped EXE
PID:2488

C:\ProgramData\xsfgtxa\lbil.exe
C:\ProgramData\xsfgtxa\lbil.exe start2
1⤵
- Executes dropped EXE
PID:2764

C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
1⤵
- Executes dropped EXE
PID:4848

C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
1⤵
- Executes dropped EXE
PID:5108

C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
1⤵
- Executes dropped EXE
PID:4416

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\xsfgtxa\lbil.exe
Filesize
197KB

MD5
57eb1430903457db36a36023304f8a38

SHA1
831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

SHA256
1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

SHA512
a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

Download Submit
C:\ProgramData\xsfgtxa\lbil.exe
Filesize
197KB

MD5
57eb1430903457db36a36023304f8a38

SHA1
831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

SHA256
1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

SHA512
a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

Download Submit
C:\ProgramData\xsfgtxa\lbil.exe
Filesize
197KB

MD5
57eb1430903457db36a36023304f8a38

SHA1
831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

SHA256
1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

SHA512
a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000003001\socksupd.exe
Filesize
197KB

MD5
57eb1430903457db36a36023304f8a38

SHA1
831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

SHA256
1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

SHA512
a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000003001\socksupd.exe
Filesize
197KB

MD5
57eb1430903457db36a36023304f8a38

SHA1
831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

SHA256
1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

SHA512
a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000004001\winupdater.exe
Filesize
5.1MB

MD5
41bc228717c87799ec41f178ad2cfbbf

SHA1
3edef885988004a575dbbfac2d7a9849f93837d9

SHA256
a2b44911354d50d59e5e0b93bf5857353ec6598d71f37e2dc3053fa48e6b9e5b

SHA512
d98e9b3606ab7be9bd12027529fe3cfef81a7dd2696641439f35046770c744a72afe28c46a4c3154022c44c5915216d8e86f1d7bef853fa28a4e2b82361fd918

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000004001\winupdater.exe
Filesize
5.1MB

MD5
41bc228717c87799ec41f178ad2cfbbf

SHA1
3edef885988004a575dbbfac2d7a9849f93837d9

SHA256
a2b44911354d50d59e5e0b93bf5857353ec6598d71f37e2dc3053fa48e6b9e5b

SHA512
d98e9b3606ab7be9bd12027529fe3cfef81a7dd2696641439f35046770c744a72afe28c46a4c3154022c44c5915216d8e86f1d7bef853fa28a4e2b82361fd918

Download Submit
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
Filesize
246KB

MD5
e6315c0db5f71599df36d466d4a625cc

SHA1
d5c3975b8eee303d5dc5d5f273c59ba4d810bc23

SHA256
ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2

SHA512
6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
Filesize
246KB

MD5
e6315c0db5f71599df36d466d4a625cc

SHA1
d5c3975b8eee303d5dc5d5f273c59ba4d810bc23

SHA256
ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2

SHA512
6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
Filesize
246KB

MD5
e6315c0db5f71599df36d466d4a625cc

SHA1
d5c3975b8eee303d5dc5d5f273c59ba4d810bc23

SHA256
ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2

SHA512
6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
Filesize
246KB

MD5
e6315c0db5f71599df36d466d4a625cc

SHA1
d5c3975b8eee303d5dc5d5f273c59ba4d810bc23

SHA256
ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2

SHA512
6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
Filesize
246KB

MD5
e6315c0db5f71599df36d466d4a625cc

SHA1
d5c3975b8eee303d5dc5d5f273c59ba4d810bc23

SHA256
ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2

SHA512
6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
Filesize
246KB

MD5
e6315c0db5f71599df36d466d4a625cc

SHA1
d5c3975b8eee303d5dc5d5f273c59ba4d810bc23

SHA256
ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2

SHA512
6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\b3f32abb88\rovwer.exe
Filesize
246KB

MD5
e6315c0db5f71599df36d466d4a625cc

SHA1
d5c3975b8eee303d5dc5d5f273c59ba4d810bc23

SHA256
ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2

SHA512
6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0

Download Submit
memory/1224-221-0x0000000000000000-mapping.dmp

Download
memory/1836-358-0x00000000005F0000-0x000000000073A000-memory.dmp

Filesize
1.3MB

Download
memory/1836-179-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-223-0x00000000005F0000-0x000000000073A000-memory.dmp

Filesize
1.3MB

Download
memory/1836-226-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download
memory/1836-222-0x00000000005F0000-0x000000000073A000-memory.dmp

Filesize
1.3MB

Download
memory/1836-172-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-189-0x0000000000726000-0x0000000000743000-memory.dmp

Filesize
116KB

Download
memory/1836-191-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-190-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-168-0x0000000000000000-mapping.dmp

Download
memory/1836-357-0x00000000005F0000-0x000000000073A000-memory.dmp

Filesize
1.3MB

Download
memory/1836-170-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-178-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-359-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download
memory/1836-181-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-182-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-184-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-187-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-188-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-185-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-186-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-183-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-174-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-177-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1836-176-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2488-471-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download
memory/2684-142-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-151-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-163-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-162-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-165-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-164-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-166-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-167-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-171-0x0000000000866000-0x0000000000883000-memory.dmp

Filesize
116KB

Download
memory/2684-160-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download
memory/2684-159-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-134-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-175-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download
memory/2684-158-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-156-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-157-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-154-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-155-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-153-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-135-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-137-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-139-0x0000000000866000-0x0000000000883000-memory.dmp

Filesize
116KB

Download
memory/2684-120-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-144-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-145-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-173-0x0000000000810000-0x0000000000848000-memory.dmp

Filesize
224KB

Download
memory/2684-146-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-149-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-152-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-161-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-150-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-148-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-147-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-143-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-140-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-141-0x0000000000810000-0x0000000000848000-memory.dmp

Filesize
224KB

Download
memory/2684-138-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-121-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-136-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-119-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-127-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-126-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-123-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-125-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-132-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-124-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-129-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-122-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-131-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-133-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-128-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2684-130-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/2764-513-0x00000000001E0000-0x00000000001E5000-memory.dmp

Filesize
20KB

Download
memory/2764-511-0x000000000071C000-0x000000000072C000-memory.dmp

Filesize
64KB

Download
memory/2764-550-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/2764-551-0x000000000071C000-0x000000000072C000-memory.dmp

Filesize
64KB

Download
memory/3032-356-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download
memory/3032-355-0x000000000083C000-0x0000000000858000-memory.dmp

Filesize
112KB

Download
memory/4220-424-0x000001C9465E0000-0x000001C946602000-memory.dmp

Filesize
136KB

Download
memory/4220-417-0x0000000000000000-mapping.dmp

Download
memory/4220-427-0x000001C946790000-0x000001C946806000-memory.dmp

Filesize
472KB

Download
memory/4416-622-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download
memory/4492-335-0x00000000001B0000-0x000000000144F000-memory.dmp

Filesize
18.6MB

Download
memory/4492-435-0x00000000001B0000-0x000000000144F000-memory.dmp

Filesize
18.6MB

Download
memory/4492-416-0x00000000001B0000-0x000000000144F000-memory.dmp

Filesize
18.6MB

Download
memory/4492-332-0x0000000000000000-mapping.dmp

Download
memory/4504-414-0x0000000000630000-0x000000000077A000-memory.dmp

Filesize
1.3MB

Download
memory/4504-415-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/4504-436-0x0000000000630000-0x000000000077A000-memory.dmp

Filesize
1.3MB

Download
memory/4848-548-0x000000000080B000-0x0000000000828000-memory.dmp

Filesize
116KB

Download
memory/4848-549-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download
memory/4944-378-0x0000000000590000-0x000000000063E000-memory.dmp

Filesize
696KB

Download
memory/4944-316-0x00000000006E0000-0x00000000006E5000-memory.dmp

Filesize
20KB

Download
memory/4944-317-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/4944-269-0x0000000000000000-mapping.dmp

Download
memory/4944-315-0x0000000000590000-0x000000000063E000-memory.dmp

Filesize
696KB

Download
memory/5108-587-0x0000000000400000-0x0000000000597000-memory.dmp

Filesize
1.6MB

Download