66268aed698f7adae7052da5ed7732545a9ec12a206e9a04585e5f8f89620e38

Resubmissions

12-01-2023 18:02

230112-wmhcbacg3y 9

11-01-2023 21:35

230111-1fb9yaad3x 9

Analysis

max time kernel
233s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2023 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Synapse X.exe
Size

1.1MB
MD5

0f2fdcdf9c38f7bd4dd7a50495fec1c1
SHA1

54cddd6dceef2b5d7f11b4d9a5606586ddae8dfd
SHA256

66268aed698f7adae7052da5ed7732545a9ec12a206e9a04585e5f8f89620e38
SHA512

6fbe09d840c1dcafcbc949a0a35d20615abab7ae0453a6930ccf379539c996481d0d5922f5b79581afa3630807ff83331edabc6dfb160bac2176f816662490c8
SSDEEP

12288:x/kTcGtQyWa+e9+/mxAv6VS8dRsSt+B47fbDuOGPsfVmm6ZbrAUvfOWZH+kT:x/ZSQyvp+/m6v6Q8dRD5etc6ZbXfOWZ

Score

9^/10

evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	eGsfkOFtUhj5Iqoc.exe

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1700	A3C392F3524C07C5.bin
2088	eGsfkOFtUhj5Iqoc.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	eGsfkOFtUhj5Iqoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	eGsfkOFtUhj5Iqoc.exe

Loads dropped DLL 10 IoCs

pid	Process
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	eGsfkOFtUhj5Iqoc.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1432	2088	WerFault.exe	89

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	eGsfkOFtUhj5Iqoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	eGsfkOFtUhj5Iqoc.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	eGsfkOFtUhj5Iqoc.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	eGsfkOFtUhj5Iqoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	eGsfkOFtUhj5Iqoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	eGsfkOFtUhj5Iqoc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	eGsfkOFtUhj5Iqoc.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1700	A3C392F3524C07C5.bin
2088	eGsfkOFtUhj5Iqoc.exe
2088	eGsfkOFtUhj5Iqoc.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4636	Synapse X.exe
Token: SeDebugPrivilege	1700	A3C392F3524C07C5.bin
Token: SeDebugPrivilege	2088	eGsfkOFtUhj5Iqoc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 1700	4636	Synapse X.exe	87
PID 4636 wrote to memory of 1700	4636	Synapse X.exe	87
PID 4636 wrote to memory of 1700	4636	Synapse X.exe	87
PID 1700 wrote to memory of 2088	1700	A3C392F3524C07C5.bin	89
PID 1700 wrote to memory of 2088	1700	A3C392F3524C07C5.bin	89
PID 1700 wrote to memory of 2088	1700	A3C392F3524C07C5.bin	89

C:\Users\Admin\AppData\Local\Temp\Synapse X.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse X.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Users\Admin\AppData\Local\Temp\bin\A3C392F3524C07C5.bin
  "bin\A3C392F3524C07C5.bin"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Users\Admin\AppData\Local\Temp\bin\eGsfkOFtUhj5Iqoc.exe
    "bin\eGsfkOFtUhj5Iqoc.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Executes dropped EXE
    - Checks BIOS information in registry
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2088
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 3524
      4⤵
      Program crash
      PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2088 -ip 2088
1⤵
PID:4780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bin\A3C392F3524C07C5.bin

Filesize
2.4MB

MD5
a3c9b29774425f6e3e199c1bad32ab3d

SHA1
e0851dd24deef3352d2c3f651163d208c3ab0df6

SHA256
ff17bd3f171b30309a7cd36b47af4d6536c7b6a26d7b99f7c8a06c9c50387251

SHA512
022c5f6c2ffae13fddd982876edd79662a9dc3c59300cf6a37303a691de9c14be123ea601955173b20fd4f1d4019ae042a681d6fa006615226b314f382c02ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\A3C392F3524C07C5.bin

Filesize
2.4MB

MD5
a3c9b29774425f6e3e199c1bad32ab3d

SHA1
e0851dd24deef3352d2c3f651163d208c3ab0df6

SHA256
ff17bd3f171b30309a7cd36b47af4d6536c7b6a26d7b99f7c8a06c9c50387251

SHA512
022c5f6c2ffae13fddd982876edd79662a9dc3c59300cf6a37303a691de9c14be123ea601955173b20fd4f1d4019ae042a681d6fa006615226b314f382c02ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\CefSharp.Core.dll

Filesize
1.3MB

MD5
a44554d38b7a25a7ab2320fe731c5298

SHA1
c287a88fd3a064b387888f4bbc37a0630c877253

SHA256
35980974bdba6d5dd6a4dc1072e33aab77f72f56c46779cb0216e4801dcc36ab

SHA512
bd8956b7e8ca6d1129fbbb950dd913183b3e92601c2c900aed26d695782e4663654ac57074e1f0f2efcf9cced969487162910dc9bb52b42572d61994b07f2aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\CefSharp.Core.dll

Filesize
1.3MB

MD5
a44554d38b7a25a7ab2320fe731c5298

SHA1
c287a88fd3a064b387888f4bbc37a0630c877253

SHA256
35980974bdba6d5dd6a4dc1072e33aab77f72f56c46779cb0216e4801dcc36ab

SHA512
bd8956b7e8ca6d1129fbbb950dd913183b3e92601c2c900aed26d695782e4663654ac57074e1f0f2efcf9cced969487162910dc9bb52b42572d61994b07f2aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\CefSharp.Core.dll

Filesize
1.3MB

MD5
a44554d38b7a25a7ab2320fe731c5298

SHA1
c287a88fd3a064b387888f4bbc37a0630c877253

SHA256
35980974bdba6d5dd6a4dc1072e33aab77f72f56c46779cb0216e4801dcc36ab

SHA512
bd8956b7e8ca6d1129fbbb950dd913183b3e92601c2c900aed26d695782e4663654ac57074e1f0f2efcf9cced969487162910dc9bb52b42572d61994b07f2aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\CefSharp.Wpf.dll

Filesize
83KB

MD5
1533d9b2ed991ad4fecef548dc762565

SHA1
7a0664cc6bdc5ffd23c4aba43fa7b2acdfe949f4

SHA256
8e6e874d51f654c1c081cd1658a2e4ad8e3b92e74f9406e8c4eb34d354ab8791

SHA512
710677d3c6ebff9da638d22a3ae800eb12ba947aad9acb4e42f9e9268ade1b8dde680b4aa135121851285943aecc0fc9be85c5ca8a269d6857b35e905c7b7c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\CefSharp.Wpf.dll

Filesize
83KB

MD5
1533d9b2ed991ad4fecef548dc762565

SHA1
7a0664cc6bdc5ffd23c4aba43fa7b2acdfe949f4

SHA256
8e6e874d51f654c1c081cd1658a2e4ad8e3b92e74f9406e8c4eb34d354ab8791

SHA512
710677d3c6ebff9da638d22a3ae800eb12ba947aad9acb4e42f9e9268ade1b8dde680b4aa135121851285943aecc0fc9be85c5ca8a269d6857b35e905c7b7c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\CefSharp.dll

Filesize
219KB

MD5
92defcf3ee31db03999e8ea41742f8f8

SHA1
2d5a94c029e1ac0df07a2055f03ca3d77ceb76b6

SHA256
d3873ec8cf9a80b3b5691445cd0f6d2a38f5a2432864d7fa372b751bad54e891

SHA512
d58f4c6bf526ed5e19bbb9c36db8fa192c63eb770b8bb5cebef0e1baf69d35ec3e1367062b9d2af9aa654d97e9cdcecca9c12bc73d9097c38a9c7e6dc11f103a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\CefSharp.dll

Filesize
219KB

MD5
92defcf3ee31db03999e8ea41742f8f8

SHA1
2d5a94c029e1ac0df07a2055f03ca3d77ceb76b6

SHA256
d3873ec8cf9a80b3b5691445cd0f6d2a38f5a2432864d7fa372b751bad54e891

SHA512
d58f4c6bf526ed5e19bbb9c36db8fa192c63eb770b8bb5cebef0e1baf69d35ec3e1367062b9d2af9aa654d97e9cdcecca9c12bc73d9097c38a9c7e6dc11f103a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\SLAgent.dll

Filesize
6.0MB

MD5
9b248dfff1d2b73fd639324741fe2e08

SHA1
e82684cd6858a6712eff69ace1707b3bcd464105

SHA256
39943c30732988289ca346902f007a72124bd98b82e08b0b9739241cdab4018e

SHA512
56784a895f113088e3c92ccd96f354473e5d849fb9d0798868ff5e9477f60854e8bc7c9759c63417c9298f8702abab266722439b445977c6e940da393b8b696c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\SLAgent.dll

Filesize
6.0MB

MD5
9b248dfff1d2b73fd639324741fe2e08

SHA1
e82684cd6858a6712eff69ace1707b3bcd464105

SHA256
39943c30732988289ca346902f007a72124bd98b82e08b0b9739241cdab4018e

SHA512
56784a895f113088e3c92ccd96f354473e5d849fb9d0798868ff5e9477f60854e8bc7c9759c63417c9298f8702abab266722439b445977c6e940da393b8b696c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\SynapseInjector.dll

Filesize
6.0MB

MD5
9b248dfff1d2b73fd639324741fe2e08

SHA1
e82684cd6858a6712eff69ace1707b3bcd464105

SHA256
39943c30732988289ca346902f007a72124bd98b82e08b0b9739241cdab4018e

SHA512
56784a895f113088e3c92ccd96f354473e5d849fb9d0798868ff5e9477f60854e8bc7c9759c63417c9298f8702abab266722439b445977c6e940da393b8b696c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chrome_elf.dll

Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\eGsfkOFtUhj5Iqoc.exe

Filesize
2.4MB

MD5
a3c9b29774425f6e3e199c1bad32ab3d

SHA1
e0851dd24deef3352d2c3f651163d208c3ab0df6

SHA256
ff17bd3f171b30309a7cd36b47af4d6536c7b6a26d7b99f7c8a06c9c50387251

SHA512
022c5f6c2ffae13fddd982876edd79662a9dc3c59300cf6a37303a691de9c14be123ea601955173b20fd4f1d4019ae042a681d6fa006615226b314f382c02ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\eGsfkOFtUhj5Iqoc.exe

Filesize
2.4MB

MD5
a3c9b29774425f6e3e199c1bad32ab3d

SHA1
e0851dd24deef3352d2c3f651163d208c3ab0df6

SHA256
ff17bd3f171b30309a7cd36b47af4d6536c7b6a26d7b99f7c8a06c9c50387251

SHA512
022c5f6c2ffae13fddd982876edd79662a9dc3c59300cf6a37303a691de9c14be123ea601955173b20fd4f1d4019ae042a681d6fa006615226b314f382c02ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\libcef.dll

Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
memory/1700-139-0x00000000007C0000-0x0000000000A34000-memory.dmp

Filesize
2.5MB

Download
memory/1700-136-0x0000000000000000-mapping.dmp

Download
memory/2088-154-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-191-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-153-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-226-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-156-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-157-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-158-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-159-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-160-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-161-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-162-0x0000000005E80000-0x0000000005E88000-memory.dmp

Filesize
32KB

Download
memory/2088-164-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-165-0x000000000A3E0000-0x000000000A418000-memory.dmp

Filesize
224KB

Download
memory/2088-167-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-166-0x000000000A3B0000-0x000000000A3BE000-memory.dmp

Filesize
56KB

Download
memory/2088-169-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-170-0x0000000005120000-0x0000000005170000-memory.dmp

Filesize
320KB

Download
memory/2088-171-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-172-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-173-0x00000000052B0000-0x00000000052C2000-memory.dmp

Filesize
72KB

Download
memory/2088-174-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-176-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-178-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-179-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-181-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-183-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-182-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-184-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-186-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-185-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-187-0x000000000BD30000-0x000000000C25C000-memory.dmp

Filesize
5.2MB

Download
memory/2088-188-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-189-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-190-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-192-0x0000000004C60000-0x0000000004C6A000-memory.dmp

Filesize
40KB

Download
memory/2088-152-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-193-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-194-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-195-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-196-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-197-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-198-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-199-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-200-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-201-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-151-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-150-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-149-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-147-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-146-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-209-0x000000000D780000-0x000000000D79C000-memory.dmp

Filesize
112KB

Download
memory/2088-141-0x0000000000000000-mapping.dmp

Download
memory/2088-225-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-210-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-214-0x000000000D7E0000-0x000000000D81E000-memory.dmp

Filesize
248KB

Download
memory/2088-224-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-222-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-213-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-215-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-216-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-218-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-219-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-220-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-221-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/2088-223-0x000000006DB20000-0x000000006EA46000-memory.dmp

Filesize
15.1MB

Download
memory/4636-133-0x0000000005D00000-0x00000000062A4000-memory.dmp

Filesize
5.6MB

Download
memory/4636-134-0x0000000005750000-0x00000000057E2000-memory.dmp

Filesize
584KB

Download
memory/4636-135-0x0000000008C00000-0x0000000008C22000-memory.dmp

Filesize
136KB

Download
memory/4636-132-0x0000000000B40000-0x0000000000C58000-memory.dmp

Filesize
1.1MB

Download