3b3f2716705df84738551d92feacc82c90afedff0bd823053e4e46848d2a3b7f

Analysis

max time kernel
150s
max time network
122s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
09-12-2022 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.exe
Size

867KB
MD5

a451c909421cad8d940d100f2bfc4651
SHA1

97df30202fa0ae5a2366d0bef6ed415bdad3f2a2
SHA256

3b3f2716705df84738551d92feacc82c90afedff0bd823053e4e46848d2a3b7f
SHA512

5a2b8225eb7107fc77f6f6dd350b455de620ee7c4e3eecc65b1fe183bbf8a3d825510f18abca1d5c3a0c1f5d6f7ec8b2cff1e42f8944142c5a6cc70be47d1c0f
SSDEEP

12288:rrF5UskuwSU/FbrrOLyvs6DvFY7y2lmFjtTshX4WeQ0aFUA2UK7gW:rrjxwhGLKsUFUbWOiG5xK79

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Z1U5R075Y8.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Z1U5R075Y8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\w9k7l4ynd1d = "C:\\Users\\Admin\\AppData\\Roaming\\wza27pqp0c19\\w9k7l4ynd1d.exe"	Z1U5R075Y8.exe

Executes dropped EXE 3 IoCs

Processes:

w9k7l4ynd1d.exeZ1U5R075Y8.exeB1NI31Y4IV8UEQUQ7I240QIR.exe

pid process

3500 w9k7l4ynd1d.exe
5016 Z1U5R075Y8.exe
4320 B1NI31Y4IV8UEQUQ7I240QIR.exe
Loads dropped DLL 3 IoCs

Processes:

w9k7l4ynd1d.exeZ1U5R075Y8.exeB1NI31Y4IV8UEQUQ7I240QIR.exe

pid process

3500 w9k7l4ynd1d.exe
5016 Z1U5R075Y8.exe
4320 B1NI31Y4IV8UEQUQ7I240QIR.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

w9k7l4ynd1d.exeZ1U5R075Y8.exeB1NI31Y4IV8UEQUQ7I240QIR.exe

pid	process
3500	w9k7l4ynd1d.exe
3500	w9k7l4ynd1d.exe
5016	Z1U5R075Y8.exe
5016	Z1U5R075Y8.exe
5016	Z1U5R075Y8.exe
5016	Z1U5R075Y8.exe
4320	B1NI31Y4IV8UEQUQ7I240QIR.exe
4320	B1NI31Y4IV8UEQUQ7I240QIR.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

w9k7l4ynd1d.exeZ1U5R075Y8.exeB1NI31Y4IV8UEQUQ7I240QIR.exe

description	pid	process
Token: SeDebugPrivilege	3500	w9k7l4ynd1d.exe
Token: SeDebugPrivilege	5016	Z1U5R075Y8.exe
Token: SeDebugPrivilege	4320	B1NI31Y4IV8UEQUQ7I240QIR.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

w9k7l4ynd1d.exeZ1U5R075Y8.exeB1NI31Y4IV8UEQUQ7I240QIR.exe

pid	process
3500	w9k7l4ynd1d.exe
3500	w9k7l4ynd1d.exe
3500	w9k7l4ynd1d.exe
3500	w9k7l4ynd1d.exe
5016	Z1U5R075Y8.exe
5016	Z1U5R075Y8.exe
5016	Z1U5R075Y8.exe
5016	Z1U5R075Y8.exe
4320	B1NI31Y4IV8UEQUQ7I240QIR.exe
4320	B1NI31Y4IV8UEQUQ7I240QIR.exe
4320	B1NI31Y4IV8UEQUQ7I240QIR.exe
4320	B1NI31Y4IV8UEQUQ7I240QIR.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

1.exew9k7l4ynd1d.exeZ1U5R075Y8.exe

description	pid	process	target process
PID 2976 wrote to memory of 3500	2976	1.exe	w9k7l4ynd1d.exe
PID 2976 wrote to memory of 3500	2976	1.exe	w9k7l4ynd1d.exe
PID 2976 wrote to memory of 3500	2976	1.exe	w9k7l4ynd1d.exe
PID 3500 wrote to memory of 5016	3500	w9k7l4ynd1d.exe	Z1U5R075Y8.exe
PID 3500 wrote to memory of 5016	3500	w9k7l4ynd1d.exe	Z1U5R075Y8.exe
PID 3500 wrote to memory of 5016	3500	w9k7l4ynd1d.exe	Z1U5R075Y8.exe
PID 5016 wrote to memory of 4320	5016	Z1U5R075Y8.exe	B1NI31Y4IV8UEQUQ7I240QIR.exe
PID 5016 wrote to memory of 4320	5016	Z1U5R075Y8.exe	B1NI31Y4IV8UEQUQ7I240QIR.exe
PID 5016 wrote to memory of 4320	5016	Z1U5R075Y8.exe	B1NI31Y4IV8UEQUQ7I240QIR.exe

C:\Users\Admin\AppData\Local\Temp\1.exe
"C:\Users\Admin\AppData\Local\Temp\1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976

C:\Users\Admin\AppData\Roaming\wza27pqp0c19\w9k7l4ynd1d.exe
C:\Users\Admin\AppData\Roaming\wza27pqp0c19\w9k7l4ynd1d.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3500

C:\Users\Admin\AppData\Local\Temp\79Q696F\Z1U5R075Y8.exe
433A5C55736572735C41646D696E5C417070446174615C526F616D696E675C777A613237707170306331395C77396B376C34796E6431642E657865
3⤵
- Adds policy Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5016

C:\Users\Admin\AppData\Local\Temp\79Q696F\B1NI31Y4IV8UEQUQ7I240QIR.exe
433A5C55736572735C41646D696E5C417070446174615C526F616D696E675C777A613237707170306331395C77396B376C34796E6431642E657865
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4320

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\078BFBFF000306D2

Filesize
116B

MD5
197ad904ef37d8a7da4311daf098be77

SHA1
7b74c7c59d65be8ec0e3d21f7dc5fed4e98ae3fb

SHA256
18111c45e267068de94bea747da1c475f7e515b3fb61145afb739c3b7a5aa903

SHA512
850ef4aa775a415f4675b5ddeaa762087665cd3acbf6f64a74f93381205bff7622c1e9f423a69ba2b11b565f41dd8af670175905f3380cd8edf02e5c3039b897

Download Submit
C:\Users\Admin\AppData\Local\Temp\79Q696F\B1NI31Y4IV8UEQUQ7I240QIR.data

Filesize
246B

MD5
ac7862039b6bf94131e46627a3faad46

SHA1
52db45b4ba7b507f32f6e9f5fca9c4419806cda8

SHA256
17912f609f1f6ed1ace765651750bf4278d548d90da2df299f8b94bffbbd45f3

SHA512
abfdb99ac6dbd67d4067ead4bf1ffd496cb7f82b5e9093068551fc691516495f91111f42501fa85f91b3c90a888eabd8de4792f2269e5befb8ba65d5da093785

Download Submit
C:\Users\Admin\AppData\Local\Temp\79Q696F\B1NI31Y4IV8UEQUQ7I240QIR.exe

Filesize
167KB

MD5
54a010c60be10b65eee5506720fccabb

SHA1
18cfa274db7d6567441db036eb2b25b720d58884

SHA256
9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89

SHA512
afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\79Q696F\B1NI31Y4IV8UEQUQ7I240QIR.exe

Filesize
167KB

MD5
54a010c60be10b65eee5506720fccabb

SHA1
18cfa274db7d6567441db036eb2b25b720d58884

SHA256
9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89

SHA512
afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\79Q696F\Z1U5R075Y8.data

Filesize
158B

MD5
a791cbda0cfb5b7f7245c029fd6dd016

SHA1
e8bdbfd44bddcdd9c5c3b7962c730a317b773a03

SHA256
e073944e92c08d51c618fe4ea1c899ddfaa99e01414edaca89468463bc50eb60

SHA512
2101ac673b5b27b103ebec03edc0ac9c1e1abba719c53ab2132a6ae7d5c992b6d8ed76ba476046b06f47e39d7317a0be0e566423e403ab97d33196a7fbd0aaf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\79Q696F\Z1U5R075Y8.exe

Filesize
167KB

MD5
54a010c60be10b65eee5506720fccabb

SHA1
18cfa274db7d6567441db036eb2b25b720d58884

SHA256
9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89

SHA512
afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\79Q696F\Z1U5R075Y8.exe

Filesize
167KB

MD5
54a010c60be10b65eee5506720fccabb

SHA1
18cfa274db7d6567441db036eb2b25b720d58884

SHA256
9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89

SHA512
afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\79Q696F\goopdate.dll

Filesize
424KB

MD5
7ac15af25453a3af866795745ab69cd4

SHA1
305bd8a0be224ffb2fbaf321fc26ef04de09b5c7

SHA256
1d0162cf04cd2181874ff9f016b0b6bfca4f4c6557f75a91298b2a761763a99d

SHA512
e79091c0d0a83f08f0eefb093ef3caacf03c8473275fc36ff927cd78b07dbf3402fc7e6ffc7f050d7a2a13c670971507687cb03a274add0d9ed10fd448b2afdb

Download Submit
C:\Users\Admin\AppData\Roaming\wza27pqp0c19\goopdate.dll

Filesize
424KB

MD5
7ac15af25453a3af866795745ab69cd4

SHA1
305bd8a0be224ffb2fbaf321fc26ef04de09b5c7

SHA256
1d0162cf04cd2181874ff9f016b0b6bfca4f4c6557f75a91298b2a761763a99d

SHA512
e79091c0d0a83f08f0eefb093ef3caacf03c8473275fc36ff927cd78b07dbf3402fc7e6ffc7f050d7a2a13c670971507687cb03a274add0d9ed10fd448b2afdb

Download Submit
C:\Users\Admin\AppData\Roaming\wza27pqp0c19\w9k7l4ynd1d.data

Filesize
158B

MD5
a791cbda0cfb5b7f7245c029fd6dd016

SHA1
e8bdbfd44bddcdd9c5c3b7962c730a317b773a03

SHA256
e073944e92c08d51c618fe4ea1c899ddfaa99e01414edaca89468463bc50eb60

SHA512
2101ac673b5b27b103ebec03edc0ac9c1e1abba719c53ab2132a6ae7d5c992b6d8ed76ba476046b06f47e39d7317a0be0e566423e403ab97d33196a7fbd0aaf1

Download Submit
C:\Users\Admin\AppData\Roaming\wza27pqp0c19\w9k7l4ynd1d.data

Filesize
246B

MD5
ac7862039b6bf94131e46627a3faad46

SHA1
52db45b4ba7b507f32f6e9f5fca9c4419806cda8

SHA256
17912f609f1f6ed1ace765651750bf4278d548d90da2df299f8b94bffbbd45f3

SHA512
abfdb99ac6dbd67d4067ead4bf1ffd496cb7f82b5e9093068551fc691516495f91111f42501fa85f91b3c90a888eabd8de4792f2269e5befb8ba65d5da093785

Download Submit
C:\Users\Admin\AppData\Roaming\wza27pqp0c19\w9k7l4ynd1d.exe

Filesize
167KB

MD5
54a010c60be10b65eee5506720fccabb

SHA1
18cfa274db7d6567441db036eb2b25b720d58884

SHA256
9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89

SHA512
afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae

Download Submit
C:\Users\Admin\AppData\Roaming\wza27pqp0c19\w9k7l4ynd1d.exe

Filesize
167KB

MD5
54a010c60be10b65eee5506720fccabb

SHA1
18cfa274db7d6567441db036eb2b25b720d58884

SHA256
9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89

SHA512
afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae

Download Submit
\Users\Admin\AppData\Local\Temp\79Q696F\goopdate.dll

Filesize
424KB

MD5
7ac15af25453a3af866795745ab69cd4

SHA1
305bd8a0be224ffb2fbaf321fc26ef04de09b5c7

SHA256
1d0162cf04cd2181874ff9f016b0b6bfca4f4c6557f75a91298b2a761763a99d

SHA512
e79091c0d0a83f08f0eefb093ef3caacf03c8473275fc36ff927cd78b07dbf3402fc7e6ffc7f050d7a2a13c670971507687cb03a274add0d9ed10fd448b2afdb

Download Submit
\Users\Admin\AppData\Local\Temp\79Q696F\goopdate.dll

Filesize
424KB

MD5
7ac15af25453a3af866795745ab69cd4

SHA1
305bd8a0be224ffb2fbaf321fc26ef04de09b5c7

SHA256
1d0162cf04cd2181874ff9f016b0b6bfca4f4c6557f75a91298b2a761763a99d

SHA512
e79091c0d0a83f08f0eefb093ef3caacf03c8473275fc36ff927cd78b07dbf3402fc7e6ffc7f050d7a2a13c670971507687cb03a274add0d9ed10fd448b2afdb

Download Submit
\Users\Admin\AppData\Roaming\wza27pqp0c19\goopdate.dll

Filesize
424KB

MD5
7ac15af25453a3af866795745ab69cd4

SHA1
305bd8a0be224ffb2fbaf321fc26ef04de09b5c7

SHA256
1d0162cf04cd2181874ff9f016b0b6bfca4f4c6557f75a91298b2a761763a99d

SHA512
e79091c0d0a83f08f0eefb093ef3caacf03c8473275fc36ff927cd78b07dbf3402fc7e6ffc7f050d7a2a13c670971507687cb03a274add0d9ed10fd448b2afdb

Download Submit
memory/3500-174-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-183-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-134-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-135-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-136-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-137-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-138-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-139-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-141-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-140-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-142-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-143-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-144-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-145-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-146-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-132-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-131-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-149-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-150-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-151-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-152-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-153-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-154-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-155-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-156-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-157-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-158-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-159-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-160-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-161-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-162-0x0000000002D40000-0x0000000002E2C000-memory.dmp

Filesize
944KB

Download
memory/3500-163-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-164-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-130-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-166-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-167-0x0000000002D40000-0x0000000002E2C000-memory.dmp

Filesize
944KB

Download
memory/3500-168-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-169-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-170-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-171-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-172-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-173-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-116-0x0000000000000000-mapping.dmp

Download
memory/3500-176-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-175-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-177-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-178-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-179-0x0000000002D40000-0x0000000002E2C000-memory.dmp

Filesize
944KB

Download
memory/3500-180-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-181-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-182-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-133-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-184-0x00000000040E0000-0x00000000043C3000-memory.dmp

Filesize
2.9MB

Download
memory/3500-185-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-186-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-199-0x00000000040E0000-0x0000000004269000-memory.dmp

Filesize
1.5MB

Download
memory/3500-129-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-215-0x0000000003E20000-0x0000000003E84000-memory.dmp

Filesize
400KB

Download
memory/3500-216-0x0000000004AC0000-0x0000000004BB4000-memory.dmp

Filesize
976KB

Download
memory/3500-217-0x0000000004CD0000-0x00000000060DD000-memory.dmp

Filesize
20.1MB

Download
memory/3500-218-0x0000000004CD0000-0x00000000060DD000-memory.dmp

Filesize
20.1MB

Download
memory/3500-118-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-128-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-225-0x0000000002D40000-0x0000000002E2C000-memory.dmp

Filesize
944KB

Download
memory/3500-224-0x0000000004CD0000-0x00000000060DD000-memory.dmp

Filesize
20.1MB

Download
memory/3500-229-0x0000000003E90000-0x0000000003EE2000-memory.dmp

Filesize
328KB

Download
memory/3500-227-0x0000000004CD0000-0x0000000004DEA000-memory.dmp

Filesize
1.1MB

Download
memory/3500-127-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-126-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-125-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-119-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-124-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-120-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-123-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-122-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-121-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4320-425-0x0000000004360000-0x0000000004454000-memory.dmp

Filesize
976KB

Download
memory/4320-413-0x0000000003980000-0x0000000003B07000-memory.dmp

Filesize
1.5MB

Download
memory/4320-431-0x0000000004600000-0x0000000005A03000-memory.dmp

Filesize
20.0MB

Download
memory/4320-430-0x0000000003CB0000-0x0000000003E34000-memory.dmp

Filesize
1.5MB

Download
memory/4320-429-0x0000000004560000-0x00000000045B2000-memory.dmp

Filesize
328KB

Download
memory/4320-428-0x0000000004600000-0x0000000005A03000-memory.dmp

Filesize
20.0MB

Download
memory/4320-325-0x0000000000000000-mapping.dmp

Download
memory/4320-427-0x0000000004600000-0x0000000005A03000-memory.dmp

Filesize
20.0MB

Download
memory/4320-426-0x0000000004600000-0x0000000005A03000-memory.dmp

Filesize
20.0MB

Download
memory/4320-389-0x0000000002B00000-0x0000000002BEC000-memory.dmp

Filesize
944KB

Download
memory/4320-424-0x0000000003CB0000-0x0000000003E34000-memory.dmp

Filesize
1.5MB

Download
memory/5016-394-0x0000000004BC0000-0x0000000004C12000-memory.dmp

Filesize
328KB

Download
memory/5016-318-0x00000000049C0000-0x0000000004AB4000-memory.dmp

Filesize
976KB

Download
memory/5016-323-0x0000000004BC0000-0x0000000004C12000-memory.dmp

Filesize
328KB

Download
memory/5016-308-0x0000000003EF0000-0x000000000407A000-memory.dmp

Filesize
1.5MB

Download
memory/5016-391-0x0000000004210000-0x0000000004397000-memory.dmp

Filesize
1.5MB

Download
memory/5016-220-0x0000000000000000-mapping.dmp

Download
memory/5016-390-0x00000000049C0000-0x0000000004AB4000-memory.dmp

Filesize
976KB

Download
memory/5016-321-0x0000000004CB0000-0x00000000060BD000-memory.dmp

Filesize
20.1MB

Download
memory/5016-286-0x0000000002F20000-0x000000000300C000-memory.dmp

Filesize
944KB

Download
memory/5016-320-0x0000000004CB0000-0x00000000060BD000-memory.dmp

Filesize
20.1MB

Download
memory/5016-316-0x0000000004210000-0x0000000004397000-memory.dmp

Filesize
1.5MB

Download
memory/5016-393-0x0000000004CB0000-0x00000000060BD000-memory.dmp

Filesize
20.1MB

Download
memory/5016-322-0x0000000004CB0000-0x00000000060BD000-memory.dmp

Filesize
20.1MB

Download
memory/5016-392-0x0000000004CB0000-0x00000000060BD000-memory.dmp

Filesize
20.1MB

Download