af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145

Analysis

max time kernel
249s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
Size

200KB
MD5

1a6958de8fae26b22c38a93dacc06196
SHA1

c7928373754103a6aecc6db7d66885f780940d47
SHA256

af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145
SHA512

be31fb494338cc5dfd90b7b99c31da585e20e73bccd8fa4dc154e237b44b914223d045587b186bbc6a6ce57deeae70f781c51bb92dd06953cb61b8075d3ab514
SSDEEP

3072:RqyJhVQ9jyBCSxcOV0ZFqqb1pv3ZPoI/JdCgl+Kx/7BEJQZoomnnNtZ4:Xs+BcOV0rqqhR3VoI/fCgbx7BEJQ0

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

ymbi.exeymbi.exe

pid process

780 ymbi.exe
916 ymbi.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2020 cmd.exe

pid	process
780	ymbi.exe
916	ymbi.exe

pid	process
2020	cmd.exe

Loads dropped DLL 2 IoCs

Processes:

af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe

pid	process
1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

ymbi.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Windows\Currentversion\Run	ymbi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Windows\CurrentVersion\Run\{F3EBFA38-C917-B0B9-0298-3CF91EF6097C} = "C:\\Users\\Admin\\AppData\\Roaming\\Ydmo\\ymbi.exe"	ymbi.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exeymbi.exe

description	pid	process	target process
PID 1032 set thread context of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 780 set thread context of 916	780	ymbi.exe	ymbi.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Privacy	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

Processes:

ymbi.exe

pid	process
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe
916	ymbi.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe

description	pid	process
Token: SeSecurityPrivilege	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
Token: SeSecurityPrivilege	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
Token: SeSecurityPrivilege	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exeymbi.exe

pid process

1032 af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
780 ymbi.exe

pid	process
1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
780	ymbi.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exeaf81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exeymbi.exeymbi.exe

description	pid	process	target process
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1032 wrote to memory of 1536	1032	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 1536 wrote to memory of 780	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	ymbi.exe
PID 1536 wrote to memory of 780	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	ymbi.exe
PID 1536 wrote to memory of 780	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	ymbi.exe
PID 1536 wrote to memory of 780	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 780 wrote to memory of 916	780	ymbi.exe	ymbi.exe
PID 916 wrote to memory of 1140	916	ymbi.exe	taskhost.exe
PID 916 wrote to memory of 1140	916	ymbi.exe	taskhost.exe
PID 916 wrote to memory of 1140	916	ymbi.exe	taskhost.exe
PID 916 wrote to memory of 1140	916	ymbi.exe	taskhost.exe
PID 916 wrote to memory of 1140	916	ymbi.exe	taskhost.exe
PID 916 wrote to memory of 1200	916	ymbi.exe	Dwm.exe
PID 916 wrote to memory of 1200	916	ymbi.exe	Dwm.exe
PID 916 wrote to memory of 1200	916	ymbi.exe	Dwm.exe
PID 916 wrote to memory of 1200	916	ymbi.exe	Dwm.exe
PID 916 wrote to memory of 1200	916	ymbi.exe	Dwm.exe
PID 916 wrote to memory of 1264	916	ymbi.exe	Explorer.EXE
PID 916 wrote to memory of 1264	916	ymbi.exe	Explorer.EXE
PID 916 wrote to memory of 1264	916	ymbi.exe	Explorer.EXE
PID 916 wrote to memory of 1264	916	ymbi.exe	Explorer.EXE
PID 916 wrote to memory of 1264	916	ymbi.exe	Explorer.EXE
PID 916 wrote to memory of 1536	916	ymbi.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 916 wrote to memory of 1536	916	ymbi.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 916 wrote to memory of 1536	916	ymbi.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 916 wrote to memory of 1536	916	ymbi.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 916 wrote to memory of 1536	916	ymbi.exe	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
PID 916 wrote to memory of 2020	916	ymbi.exe	cmd.exe
PID 916 wrote to memory of 2020	916	ymbi.exe	cmd.exe
PID 916 wrote to memory of 2020	916	ymbi.exe	cmd.exe
PID 916 wrote to memory of 2020	916	ymbi.exe	cmd.exe
PID 916 wrote to memory of 2020	916	ymbi.exe	cmd.exe
PID 1536 wrote to memory of 2020	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	cmd.exe
PID 1536 wrote to memory of 2020	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	cmd.exe
PID 1536 wrote to memory of 2020	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	cmd.exe
PID 1536 wrote to memory of 2020	1536	af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe	cmd.exe
PID 916 wrote to memory of 1332	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1332	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1332	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1332	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1332	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1220	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1220	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1220	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1220	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 1220	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 952	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 952	916	ymbi.exe	DllHost.exe
PID 916 wrote to memory of 952	916	ymbi.exe	DllHost.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
"C:\Users\Admin\AppData\Local\Temp\af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1032

C:\Users\Admin\AppData\Local\Temp\af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe
"C:\Users\Admin\AppData\Local\Temp\af81f0168995870867c314cdd601213fb4b8d669e98b981e40f662e2ab9b0145.exe"
3⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1536

C:\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe
"C:\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:780

C:\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe
"C:\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe"
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:916

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp71ce699d.bat"
4⤵
- Deletes itself
PID:2020

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1200

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1140

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1332

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1220

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp71ce699d.bat

Filesize
307B

MD5
0d3cbcf3f8ff0486de868cd64c762dfa

SHA1
f9357e08134fc20cc517fcf8008c5cf7631f5371

SHA256
9b82cc29f987d109b28e98e69fee19be6e9028ed7f69328e12de91620f3f7969

SHA512
c83b786fefb135961398e1e9a08c1b774506335dacf133bee23b763aa59a62a133465eb97ce930d824360610a439df10be5ef5101656116b2127589480eebaae

Download Submit
C:\Users\Admin\AppData\Roaming\Vyim\ivig.wui

Filesize
398B

MD5
1f3fc894c2963fef99ba9ff8ed78ce78

SHA1
a1d81eb96319ef70f9e71e459e7cf89ba8d9ae2d

SHA256
03badb2ea742411fae0b98736dd84b70a41a5f7ef1a3b93f41daec993d1e069a

SHA512
2f6c4be82751c9540b54ed2e0551282337cc49c07df0bbfb4be39a6c8f695f7028262fdfb785a857497664e9a96197e222d55dc352b4b170426a6d39f0ed374c

Download Submit
C:\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe

Filesize
200KB

MD5
bb4714ab0e92e5447c226f9af327804b

SHA1
937f5a3de90637065cdb76b148f688806c6a8a62

SHA256
aec3ddd38ad5658604721fa6c979c8f242aaa48935adc8df5b657a41059f562e

SHA512
cb19a0fb9ff55618df6d6b33bf3e949c756a7fe3d938b741b10b6f8c0935d982db3d0162ae749188d439f83af203d5def0a5163d3bc7e602745dd9b29e95489f

Download Submit
C:\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe

Filesize
200KB

MD5
bb4714ab0e92e5447c226f9af327804b

SHA1
937f5a3de90637065cdb76b148f688806c6a8a62

SHA256
aec3ddd38ad5658604721fa6c979c8f242aaa48935adc8df5b657a41059f562e

SHA512
cb19a0fb9ff55618df6d6b33bf3e949c756a7fe3d938b741b10b6f8c0935d982db3d0162ae749188d439f83af203d5def0a5163d3bc7e602745dd9b29e95489f

Download Submit
C:\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe

Filesize
200KB

MD5
bb4714ab0e92e5447c226f9af327804b

SHA1
937f5a3de90637065cdb76b148f688806c6a8a62

SHA256
aec3ddd38ad5658604721fa6c979c8f242aaa48935adc8df5b657a41059f562e

SHA512
cb19a0fb9ff55618df6d6b33bf3e949c756a7fe3d938b741b10b6f8c0935d982db3d0162ae749188d439f83af203d5def0a5163d3bc7e602745dd9b29e95489f

Download Submit
\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe

Filesize
200KB

MD5
bb4714ab0e92e5447c226f9af327804b

SHA1
937f5a3de90637065cdb76b148f688806c6a8a62

SHA256
aec3ddd38ad5658604721fa6c979c8f242aaa48935adc8df5b657a41059f562e

SHA512
cb19a0fb9ff55618df6d6b33bf3e949c756a7fe3d938b741b10b6f8c0935d982db3d0162ae749188d439f83af203d5def0a5163d3bc7e602745dd9b29e95489f

Download Submit
\Users\Admin\AppData\Roaming\Ydmo\ymbi.exe

Filesize
200KB

MD5
bb4714ab0e92e5447c226f9af327804b

SHA1
937f5a3de90637065cdb76b148f688806c6a8a62

SHA256
aec3ddd38ad5658604721fa6c979c8f242aaa48935adc8df5b657a41059f562e

SHA512
cb19a0fb9ff55618df6d6b33bf3e949c756a7fe3d938b741b10b6f8c0935d982db3d0162ae749188d439f83af203d5def0a5163d3bc7e602745dd9b29e95489f

Download Submit
memory/780-66-0x0000000000000000-mapping.dmp

Download
memory/780-70-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/780-75-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/916-73-0x0000000000413048-mapping.dmp

Download
memory/916-102-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/916-115-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/952-132-0x0000000000210000-0x0000000000237000-memory.dmp

Filesize
156KB

Download
memory/952-133-0x0000000000210000-0x0000000000237000-memory.dmp

Filesize
156KB

Download
memory/952-131-0x0000000000210000-0x0000000000237000-memory.dmp

Filesize
156KB

Download
memory/952-130-0x0000000000210000-0x0000000000237000-memory.dmp

Filesize
156KB

Download
memory/1032-56-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1032-60-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1140-78-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1140-83-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1140-82-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1140-81-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1140-80-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1200-86-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1200-87-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1200-88-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1200-89-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1220-124-0x0000000000410000-0x0000000000437000-memory.dmp

Filesize
156KB

Download
memory/1220-125-0x0000000000410000-0x0000000000437000-memory.dmp

Filesize
156KB

Download
memory/1220-126-0x0000000000410000-0x0000000000437000-memory.dmp

Filesize
156KB

Download
memory/1220-127-0x0000000000410000-0x0000000000437000-memory.dmp

Filesize
156KB

Download
memory/1264-95-0x0000000002AE0000-0x0000000002B07000-memory.dmp

Filesize
156KB

Download
memory/1264-94-0x0000000002AE0000-0x0000000002B07000-memory.dmp

Filesize
156KB

Download
memory/1264-92-0x0000000002AE0000-0x0000000002B07000-memory.dmp

Filesize
156KB

Download
memory/1264-93-0x0000000002AE0000-0x0000000002B07000-memory.dmp

Filesize
156KB

Download
memory/1332-118-0x0000000001DD0000-0x0000000001DF7000-memory.dmp

Filesize
156KB

Download
memory/1332-119-0x0000000001DD0000-0x0000000001DF7000-memory.dmp

Filesize
156KB

Download
memory/1332-121-0x0000000001DD0000-0x0000000001DF7000-memory.dmp

Filesize
156KB

Download
memory/1332-120-0x0000000001DD0000-0x0000000001DF7000-memory.dmp

Filesize
156KB

Download
memory/1536-113-0x00000000003D0000-0x00000000003F7000-memory.dmp

Filesize
156KB

Download
memory/1536-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1536-57-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1536-99-0x00000000003D0000-0x00000000003F7000-memory.dmp

Filesize
156KB

Download
memory/1536-98-0x00000000003D0000-0x00000000003F7000-memory.dmp

Filesize
156KB

Download
memory/1536-101-0x00000000003D0000-0x00000000003F7000-memory.dmp

Filesize
156KB

Download
memory/1536-100-0x00000000003D0000-0x00000000003F7000-memory.dmp

Filesize
156KB

Download
memory/1536-58-0x0000000000413048-mapping.dmp

Download
memory/1536-61-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1536-112-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1536-63-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1536-103-0x00000000003D0000-0x00000000003F7000-memory.dmp

Filesize
156KB

Download
memory/2020-108-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/2020-109-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/2020-106-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/2020-110-0x0000000000000000-mapping.dmp

Download
memory/2020-107-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download