Overview

overview

10

Static

static

476931064a...45.exe

windows7-x64

10

476931064a...45.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-01-2023 11:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    476931064a8b0ecf9a4f5fefd0680a45.exe

  • Size

    328KB

  • MD5

    476931064a8b0ecf9a4f5fefd0680a45

  • SHA1

    ee254056c2b0ea556627f3700f3d387bda411952

  • SHA256

    7ad4abfeadf775b65ba6416f216742de0b4e4731114df7f8cf9bc374e3211d80

  • SHA512

    c423fb38199b1a875d4c0163d4d76ec8bd71480bea05b0ec8a0992c6a549fea625e3e254e1c1e5b4aa2f04181df78407c6ad481b8b4c5011cb38d0cd6f6f4f66

  • SSDEEP

    6144:CYlcaA4tgwmFnc4VDIA/5Qj3byDqCF/0ZY6:C8pgwmBc+DxOCGY

Score
10/10
auroradjvuicedidsmokeloader3131022508backdoorbankerdiscoveryloaderpersistenceransomwarestealertrojan

Malware Config

Extracted

Family

icedid

Campaign

3131022508

C2

wagringamuk.com

Extracted

Family

djvu

C2

http://spaceris.com/lancer/get.php

Attributes
  • extension

    .zouu

  • offline_id

    7hl6KB3alcoZ6n4DhS2rApCezkIMzShntAiXWMt1

  • payload_url

    http://uaery.top/dl/build2.exe

    http://spaceris.com/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-N3pXlaPXFm Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0631JOsie

rsa_pubkey.plain

Extracted

Family

aurora

C2

82.115.223.77:8081

Signatures

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora
  • Detected Djvu ransomware 9 IoCs
  • Detects Smokeloader packer 2 IoCs
  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

    ransomwaredjvu
  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 9 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Uses the VBS compiler for execution 1 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 58 IoCs
  • Suspicious use of WriteProcessMemory 51 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\476931064a8b0ecf9a4f5fefd0680a45.exe
    "C:\Users\Admin\AppData\Local\Temp\476931064a8b0ecf9a4f5fefd0680a45.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2112
  • C:\Users\Admin\AppData\Local\Temp\C420.exe
    C:\Users\Admin\AppData\Local\Temp\C420.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4500
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic os get Caption
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3604
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 140
      2⤵
      • Program crash
      PID:3904
  • C:\Users\Admin\AppData\Local\Temp\C52A.exe
    C:\Users\Admin\AppData\Local\Temp\C52A.exe
    1⤵
    • Executes dropped EXE
    PID:3840
  • C:\Users\Admin\AppData\Local\Temp\C673.exe
    C:\Users\Admin\AppData\Local\Temp\C673.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Users\Admin\AppData\Local\Temp\C673.exe
      C:\Users\Admin\AppData\Local\Temp\C673.exe
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4476
      • C:\Windows\SysWOW64\icacls.exe
        icacls "C:\Users\Admin\AppData\Local\d101b9d2-c42c-4c34-a09e-bb5143640ff5" /deny *S-1-1-0:(OI)(CI)(DE,DC)
        3⤵
        • Modifies file permissions
        PID:3896
      • C:\Users\Admin\AppData\Local\Temp\C673.exe
        "C:\Users\Admin\AppData\Local\Temp\C673.exe" --Admin IsNotAutoStart IsNotTask
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4556
        • C:\Users\Admin\AppData\Local\Temp\C673.exe
          "C:\Users\Admin\AppData\Local\Temp\C673.exe" --Admin IsNotAutoStart IsNotTask
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:3248
          • C:\Users\Admin\AppData\Local\d54eac47-e4b3-461f-b336-27e0edf00333\build2.exe
            "C:\Users\Admin\AppData\Local\d54eac47-e4b3-461f-b336-27e0edf00333\build2.exe"
            5⤵
            • Executes dropped EXE
            PID:3920
  • C:\Users\Admin\AppData\Local\Temp\C9A1.exe
    C:\Users\Admin\AppData\Local\Temp\C9A1.exe
    1⤵
    • Executes dropped EXE
    PID:3056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 344
      2⤵
      • Program crash
      PID:4844
  • C:\Users\Admin\AppData\Local\Temp\CB67.exe
    C:\Users\Admin\AppData\Local\Temp\CB67.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:1436
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3056 -ip 3056
    1⤵
      PID:1900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1736 -ip 1736
      1⤵
        PID:3768

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Scripting

      1
      T1064

      Persistence

      Registry Run Keys / Startup Folder

      1
      T1060

      Privilege Escalation

      Defense Evasion

      File Permissions Modification

      1
      T1222

      Scripting

      1
      T1064

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Query Registry

      2
      T1012

      System Information Discovery

      3
      T1082

      Peripheral Device Discovery

      1
      T1120

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
        Filesize

        2KB

        MD5

        61a9f01083346a0ee40dc68983932b14

        SHA1

        85737a00e510acc709a5ea03d04a666bf41eb912

        SHA256

        db745e7939f305e69baa8e6fda50687f545b5b9af3cffbd290f1223d7956c1e7

        SHA512

        80edf82ede77a5657e92ca9c6ec45fe28118f1f0372d33e377185f7043580ee136927922556795552b41b9bd03aaef9a0273758af375b56ad4470aa23ac88349

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
        Filesize

        1KB

        MD5

        deb5907196e6e5e0e915c276f65a6924

        SHA1

        62802115ee04a17e66297fbfd5ab8d933040ffdb

        SHA256

        48c65c4f7dfbf070a4e8157cd0ec68e495eb3f963668f3d51ae6fedcff7fcda1

        SHA512

        4881fd5f46e1846f4e4dd3cb0295c5b48f62181bba01f8113520d97ee31b1489429281778d1ac0d58d02a3343ad97d24a96ce1d2bdbb1ddda2f77e5101f51c43

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
        Filesize

        488B

        MD5

        449a3f193940d306a6ea7e4aeff8d63b

        SHA1

        ef6d1dc7e126189591721bed925a01f42e67f5d5

        SHA256

        374eedfc0c11458906f320ffd81e65ff7ade8692b7971f903fa8e73bf5958975

        SHA512

        1fea16e48a2dbda543d095e9befd8718deb5021d1f84c91fd2e1bb0b8103ced083ba93baaa05dce4137f7a1f72b13f4b74255b4b996a572b7c924bab93af0b53

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
        Filesize

        482B

        MD5

        b00fb57ed9a0173ada0ada198692fc80

        SHA1

        0f53d7f76d1691fa564cfe04305c3fd39f21e3e6

        SHA256

        90396464646505b3c0b75c255b10de378ab0eda4591a2cf47af46fb8b627784e

        SHA512

        1734ab23d8a408ac06cd035f1dc2b6d9c9b1a38f34f705c4f6af9bd4b94a08c65ef0015c1cba81cb3ffb75b7314a460895344e0ff17d8fc324f015bb033f4c65

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C420.exe
        Filesize

        4.5MB

        MD5

        1a4261cbca6e08e1d1db27e28f24f79f

        SHA1

        6dcadc198a6ca77fcca32f5241f880e7ca583739

        SHA256

        00151824f029662701f6aa7b8e2f629193a5b186aff19b5abb9c68665bd456bc

        SHA512

        d8490b3d3174b7865a457f9b38153a1d55f3c61f973561d0a7ce23bc45f74259107ee26866c5c43bc2f2adccf2f6af9738031fc72e2c5a5e71eab8b229ea6531

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C420.exe
        Filesize

        4.5MB

        MD5

        1a4261cbca6e08e1d1db27e28f24f79f

        SHA1

        6dcadc198a6ca77fcca32f5241f880e7ca583739

        SHA256

        00151824f029662701f6aa7b8e2f629193a5b186aff19b5abb9c68665bd456bc

        SHA512

        d8490b3d3174b7865a457f9b38153a1d55f3c61f973561d0a7ce23bc45f74259107ee26866c5c43bc2f2adccf2f6af9738031fc72e2c5a5e71eab8b229ea6531

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C52A.exe
        Filesize

        747KB

        MD5

        02ff76dbe2bb9fc49ddea931896601d3

        SHA1

        037f7708d988957d49243b2e93df0878e22e0030

        SHA256

        30ac60ce48ad9a04c19803d9b4dbee395ad362ad782b8912fce238a90f1cced0

        SHA512

        79a9a33b4a61346bfd8440a0c71996a3606d4bc4026e8cf8a5361d1bd02d91fd5802af37e879a799e75881dbb0c577c9e8a7c529f4ffb7f8b47e33935f1e5f85

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C52A.exe
        Filesize

        747KB

        MD5

        02ff76dbe2bb9fc49ddea931896601d3

        SHA1

        037f7708d988957d49243b2e93df0878e22e0030

        SHA256

        30ac60ce48ad9a04c19803d9b4dbee395ad362ad782b8912fce238a90f1cced0

        SHA512

        79a9a33b4a61346bfd8440a0c71996a3606d4bc4026e8cf8a5361d1bd02d91fd5802af37e879a799e75881dbb0c577c9e8a7c529f4ffb7f8b47e33935f1e5f85

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C673.exe
        Filesize

        827KB

        MD5

        5d09682b08307cf7e7d4ee43b3b04791

        SHA1

        8668ef968def3d1e58bc5d3bb57088f0550a3b2d

        SHA256

        b0fe9334ec54815e8eda224488e34d41fcdaef253cad3c7cb751b273b3dc91e3

        SHA512

        a362e95e79b100178bce102b015e3d0107cd3df808980d84b63bc940ee7c90221f06cc2dc9f087b7e15e20ec994418483f5b913d954badf60d70f6c56b96f4d0

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C673.exe
        Filesize

        827KB

        MD5

        5d09682b08307cf7e7d4ee43b3b04791

        SHA1

        8668ef968def3d1e58bc5d3bb57088f0550a3b2d

        SHA256

        b0fe9334ec54815e8eda224488e34d41fcdaef253cad3c7cb751b273b3dc91e3

        SHA512

        a362e95e79b100178bce102b015e3d0107cd3df808980d84b63bc940ee7c90221f06cc2dc9f087b7e15e20ec994418483f5b913d954badf60d70f6c56b96f4d0

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C673.exe
        Filesize

        827KB

        MD5

        5d09682b08307cf7e7d4ee43b3b04791

        SHA1

        8668ef968def3d1e58bc5d3bb57088f0550a3b2d

        SHA256

        b0fe9334ec54815e8eda224488e34d41fcdaef253cad3c7cb751b273b3dc91e3

        SHA512

        a362e95e79b100178bce102b015e3d0107cd3df808980d84b63bc940ee7c90221f06cc2dc9f087b7e15e20ec994418483f5b913d954badf60d70f6c56b96f4d0

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C673.exe
        Filesize

        827KB

        MD5

        5d09682b08307cf7e7d4ee43b3b04791

        SHA1

        8668ef968def3d1e58bc5d3bb57088f0550a3b2d

        SHA256

        b0fe9334ec54815e8eda224488e34d41fcdaef253cad3c7cb751b273b3dc91e3

        SHA512

        a362e95e79b100178bce102b015e3d0107cd3df808980d84b63bc940ee7c90221f06cc2dc9f087b7e15e20ec994418483f5b913d954badf60d70f6c56b96f4d0

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C673.exe
        Filesize

        827KB

        MD5

        5d09682b08307cf7e7d4ee43b3b04791

        SHA1

        8668ef968def3d1e58bc5d3bb57088f0550a3b2d

        SHA256

        b0fe9334ec54815e8eda224488e34d41fcdaef253cad3c7cb751b273b3dc91e3

        SHA512

        a362e95e79b100178bce102b015e3d0107cd3df808980d84b63bc940ee7c90221f06cc2dc9f087b7e15e20ec994418483f5b913d954badf60d70f6c56b96f4d0

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C9A1.exe
        Filesize

        328KB

        MD5

        548f536e53655c3872e271d21b815e70

        SHA1

        974782735ef325eab3298e05f7d013d452476956

        SHA256

        d25015c0d1c2801246b731706b80161c75286b6cddde221bb9efb95ca0b0dd58

        SHA512

        349d06c7b54b4ef4f1ff89d7c38ce7be492858b56bf5bf41f4da1bfc4a626936b3db5bc64b624999809ea602335f7393005a88df1d46a4d3f18192285bcee2e4

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C9A1.exe
        Filesize

        328KB

        MD5

        548f536e53655c3872e271d21b815e70

        SHA1

        974782735ef325eab3298e05f7d013d452476956

        SHA256

        d25015c0d1c2801246b731706b80161c75286b6cddde221bb9efb95ca0b0dd58

        SHA512

        349d06c7b54b4ef4f1ff89d7c38ce7be492858b56bf5bf41f4da1bfc4a626936b3db5bc64b624999809ea602335f7393005a88df1d46a4d3f18192285bcee2e4

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\CB67.exe
        Filesize

        327KB

        MD5

        1d04438d49e15bad354bc606852e43dd

        SHA1

        febdfc26cf1a443bd22ab4b0745ce21fece43556

        SHA256

        1747f4f45223125c112798c43414259280c6d6ffc19ebb2bd29094a795603c77

        SHA512

        4655c62461be893a9982e8ee99a514394412af543a49204c3080f710ff0ab7dab0a21fc4660f76d295a731ea87947dea0fbd9194188b66838435e156cb434e24

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\CB67.exe
        Filesize

        327KB

        MD5

        1d04438d49e15bad354bc606852e43dd

        SHA1

        febdfc26cf1a443bd22ab4b0745ce21fece43556

        SHA256

        1747f4f45223125c112798c43414259280c6d6ffc19ebb2bd29094a795603c77

        SHA512

        4655c62461be893a9982e8ee99a514394412af543a49204c3080f710ff0ab7dab0a21fc4660f76d295a731ea87947dea0fbd9194188b66838435e156cb434e24

        Download Submit
      • C:\Users\Admin\AppData\Local\d101b9d2-c42c-4c34-a09e-bb5143640ff5\C673.exe
        Filesize

        827KB

        MD5

        5d09682b08307cf7e7d4ee43b3b04791

        SHA1

        8668ef968def3d1e58bc5d3bb57088f0550a3b2d

        SHA256

        b0fe9334ec54815e8eda224488e34d41fcdaef253cad3c7cb751b273b3dc91e3

        SHA512

        a362e95e79b100178bce102b015e3d0107cd3df808980d84b63bc940ee7c90221f06cc2dc9f087b7e15e20ec994418483f5b913d954badf60d70f6c56b96f4d0

        Download Submit
      • C:\Users\Admin\AppData\Local\d54eac47-e4b3-461f-b336-27e0edf00333\build2.exe
        Filesize

        422KB

        MD5

        19b18ab424c9bfe498094eab6e124eb8

        SHA1

        b78148d95360125fe8e778bbff8d41eb58c48ede

        SHA256

        f89ea963fcb584772f149a3c6a576d2a8cb037b3f956ac43dfc9ca0abe310956

        SHA512

        202f57aa334bed6c55731c79804a5d05e879b3b518483668d5d73848b5409882cc90f17a4735fbb6fddb0f0a3ce3bf36c9d022e59b850b77ba679201f9c40b0b

        Download Submit
      • C:\Users\Admin\AppData\Local\d54eac47-e4b3-461f-b336-27e0edf00333\build2.exe
        Filesize

        422KB

        MD5

        19b18ab424c9bfe498094eab6e124eb8

        SHA1

        b78148d95360125fe8e778bbff8d41eb58c48ede

        SHA256

        f89ea963fcb584772f149a3c6a576d2a8cb037b3f956ac43dfc9ca0abe310956

        SHA512

        202f57aa334bed6c55731c79804a5d05e879b3b518483668d5d73848b5409882cc90f17a4735fbb6fddb0f0a3ce3bf36c9d022e59b850b77ba679201f9c40b0b

        Download Submit
      • memory/8-161-0x0000000002280000-0x000000000239B000-memory.dmp
        Filesize

        1.1MB

        Download
      • memory/8-159-0x0000000000698000-0x0000000000729000-memory.dmp
        Filesize

        580KB

        Download
      • memory/8-146-0x0000000000000000-mapping.dmp
        Download
      • memory/1436-155-0x0000000000000000-mapping.dmp
        Download
      • memory/1436-176-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download
      • memory/1436-168-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download
      • memory/1436-166-0x000000000079D000-0x00000000007B3000-memory.dmp
        Filesize

        88KB

        Download
      • memory/1436-167-0x00000000006B0000-0x00000000006B9000-memory.dmp
        Filesize

        36KB

        Download
      • memory/1736-136-0x0000000000000000-mapping.dmp
        Download
      • memory/1736-199-0x00000000000A0000-0x000000000051E000-memory.dmp
        Filesize

        4.5MB

        Download
      • memory/2112-133-0x00000000005F0000-0x00000000005F9000-memory.dmp
        Filesize

        36KB

        Download
      • memory/2112-134-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download
      • memory/2112-135-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download
      • memory/2112-132-0x000000000067E000-0x0000000000694000-memory.dmp
        Filesize

        88KB

        Download
      • memory/3056-169-0x00000000005DD000-0x00000000005F3000-memory.dmp
        Filesize

        88KB

        Download
      • memory/3056-170-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download
      • memory/3056-152-0x0000000000000000-mapping.dmp
        Download
      • memory/3248-180-0x0000000000400000-0x0000000000537000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/3248-187-0x0000000000400000-0x0000000000537000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/3248-177-0x0000000000000000-mapping.dmp
        Download
      • memory/3248-182-0x0000000000400000-0x0000000000537000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/3604-200-0x0000000000000000-mapping.dmp
        Download
      • memory/3840-139-0x0000000000000000-mapping.dmp
        Download
      • memory/3840-142-0x0000000140000000-0x0000000140008000-memory.dmp
        Filesize

        32KB

        Download
      • memory/3840-143-0x0000000000400000-0x00000000004C2000-memory.dmp
        Filesize

        776KB

        Download
      • memory/3896-171-0x0000000000000000-mapping.dmp
        Download
      • memory/3920-201-0x0000000000000000-mapping.dmp
        Download
      • memory/4476-158-0x0000000000000000-mapping.dmp
        Download
      • memory/4476-175-0x0000000000400000-0x0000000000537000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4476-163-0x0000000000400000-0x0000000000537000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4476-160-0x0000000000400000-0x0000000000537000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4476-164-0x0000000000400000-0x0000000000537000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4476-165-0x0000000000400000-0x0000000000537000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4500-188-0x0000000000000000-mapping.dmp
        Download
      • memory/4500-189-0x0000000000E00000-0x0000000001276000-memory.dmp
        Filesize

        4.5MB

        Download
      • memory/4500-198-0x0000000000E00000-0x0000000001276000-memory.dmp
        Filesize

        4.5MB

        Download
      • memory/4556-181-0x0000000001FF5000-0x0000000002086000-memory.dmp
        Filesize

        580KB

        Download
      • memory/4556-173-0x0000000000000000-mapping.dmp
        Download