271d8bf13f96188684e0f68446f16084ec6d8c231837c45e3ec3ebb73062574d

Resubmissions

23-02-2023 14:03

230223-rcnzwsga69 10

20-01-2023 12:25

16-01-2023 12:00

15-01-2023 04:12

15-01-2023 04:01

15-01-2023 03:56

15-01-2023 01:02

15-01-2023 00:38

Analysis

max time kernel
370s
max time network
1190s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
14-01-2023 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exe
Size

1.6MB
MD5

9f7aaf3a9a3f325dd533ecc38d85a351
SHA1

1ebdc55b96e11d9b924fbba8c5fa1799ff247970
SHA256

88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd
SHA512

0afdcb5362be67938d00baaeb3974af3ad2b7342c8024ec2390ce87bad4c6252e4c8277a0bb36979cdcb4036aa9f7dc93ac23f78acdd04033c3086fa3fd7286f
SSDEEP

24576:yWmAFubS9dt9Mcp5CPu4YV5GaCxYiluVuTY4PRVGEw6GPDp5MwNrsJjF2GKGI8L:q29dRpYW4YV5QxYiET8ahPDMwNrs2y

Score

10^/10

evasion spyware trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Processes:

jsc.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	jsc.exe

Executes dropped EXE 2 IoCs

Processes:

Engine.exeChampion.exe.pif

pid process

4808 Engine.exe
364 Champion.exe.pif

pid	process
4808	Engine.exe
364	Champion.exe.pif

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\Engine.exe	upx
behavioral1/memory/4808-163-0x0000000000400000-0x0000000000558000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\Engine.exe	upx
behavioral1/memory/4808-323-0x0000000000400000-0x0000000000558000-memory.dmp	upx
behavioral1/memory/4808-524-0x0000000000400000-0x0000000000558000-memory.dmp	upx

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Drops desktop.ini file(s) 1 IoCs

Processes:

bcastdvr.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini bcastdvr.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

20 eth0.me
Suspicious use of SetThreadContext 1 IoCs

Processes:

Champion.exe.pif

description pid process target process

PID 364 set thread context of 4268 364 Champion.exe.pif jsc.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	bcastdvr.exe

flow	ioc
20	eth0.me

description	pid	process	target process
PID 364 set thread context of 4268	364	Champion.exe.pif	jsc.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

GamePanel.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

bcastdvr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bcastdvr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	bcastdvr.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

4528 taskkill.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4756 PING.EXE

pid	process
4528	taskkill.exe

pid	process
4756	PING.EXE

Suspicious behavior: EnumeratesProcesses 19 IoCs

Processes:

powershell.exepowershell.exeChampion.exe.pifjsc.exe

pid	process
4464	powershell.exe
4464	powershell.exe
4464	powershell.exe
4464	powershell.exe
4208	powershell.exe
4208	powershell.exe
4208	powershell.exe
4208	powershell.exe
364	Champion.exe.pif
364	Champion.exe.pif
364	Champion.exe.pif
364	Champion.exe.pif
364	Champion.exe.pif
364	Champion.exe.pif
364	Champion.exe.pif
364	Champion.exe.pif
4268	jsc.exe
4268	jsc.exe
4268	jsc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

powershell.exepowershell.exejsc.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	4464	powershell.exe
Token: SeDebugPrivilege	4208	powershell.exe
Token: SeDebugPrivilege	4268	jsc.exe
Token: SeDebugPrivilege	4528	taskkill.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

Champion.exe.pif

pid process

364 Champion.exe.pif
364 Champion.exe.pif
364 Champion.exe.pif
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

Champion.exe.pif

pid process

364 Champion.exe.pif
364 Champion.exe.pif
364 Champion.exe.pif

pid	process
364	Champion.exe.pif
364	Champion.exe.pif
364	Champion.exe.pif

pid	process
364	Champion.exe.pif
364	Champion.exe.pif
364	Champion.exe.pif

Suspicious use of WriteProcessMemory 32 IoCs

Processes:

88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exeEngine.execmd.execmd.exeChampion.exe.pifjsc.exe

description	pid	process	target process
PID 1304 wrote to memory of 4808	1304	88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exe	Engine.exe
PID 1304 wrote to memory of 4808	1304	88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exe	Engine.exe
PID 1304 wrote to memory of 4808	1304	88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exe	Engine.exe
PID 4808 wrote to memory of 3356	4808	Engine.exe	cmd.exe
PID 4808 wrote to memory of 3356	4808	Engine.exe	cmd.exe
PID 4808 wrote to memory of 3356	4808	Engine.exe	cmd.exe
PID 3356 wrote to memory of 4244	3356	cmd.exe	cmd.exe
PID 3356 wrote to memory of 4244	3356	cmd.exe	cmd.exe
PID 3356 wrote to memory of 4244	3356	cmd.exe	cmd.exe
PID 4244 wrote to memory of 4464	4244	cmd.exe	powershell.exe
PID 4244 wrote to memory of 4464	4244	cmd.exe	powershell.exe
PID 4244 wrote to memory of 4464	4244	cmd.exe	powershell.exe
PID 4244 wrote to memory of 4208	4244	cmd.exe	powershell.exe
PID 4244 wrote to memory of 4208	4244	cmd.exe	powershell.exe
PID 4244 wrote to memory of 4208	4244	cmd.exe	powershell.exe
PID 4244 wrote to memory of 612	4244	cmd.exe	findstr.exe
PID 4244 wrote to memory of 612	4244	cmd.exe	findstr.exe
PID 4244 wrote to memory of 612	4244	cmd.exe	findstr.exe
PID 4244 wrote to memory of 364	4244	cmd.exe	Champion.exe.pif
PID 4244 wrote to memory of 364	4244	cmd.exe	Champion.exe.pif
PID 4244 wrote to memory of 364	4244	cmd.exe	Champion.exe.pif
PID 4244 wrote to memory of 4756	4244	cmd.exe	PING.EXE
PID 4244 wrote to memory of 4756	4244	cmd.exe	PING.EXE
PID 4244 wrote to memory of 4756	4244	cmd.exe	PING.EXE
PID 364 wrote to memory of 4268	364	Champion.exe.pif	jsc.exe
PID 364 wrote to memory of 4268	364	Champion.exe.pif	jsc.exe
PID 364 wrote to memory of 4268	364	Champion.exe.pif	jsc.exe
PID 364 wrote to memory of 4268	364	Champion.exe.pif	jsc.exe
PID 364 wrote to memory of 4268	364	Champion.exe.pif	jsc.exe
PID 4268 wrote to memory of 4528	4268	jsc.exe	taskkill.exe
PID 4268 wrote to memory of 4528	4268	jsc.exe	taskkill.exe
PID 4268 wrote to memory of 4528	4268	jsc.exe	taskkill.exe

C:\Users\Admin\AppData\Local\Temp\88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exe
"C:\Users\Admin\AppData\Local\Temp\88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1304

C:\Users\Admin\AppData\Local\Temp\SETUP_35442\Engine.exe
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\Engine.exe /TH_ID=_1312 /OriginExe="C:\Users\Admin\AppData\Local\Temp\88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4808

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cmd < 4
3⤵
- Suspicious use of WriteProcessMemory
PID:3356

C:\Windows\SysWOW64\cmd.exe
cmd
4⤵
- Suspicious use of WriteProcessMemory
PID:4244

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell get-process avastui
5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4464

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell get-process avgui
5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4208

C:\Windows\SysWOW64\findstr.exe
findstr /V /R "^ibXEdmiVmigethPmiCeveAlmmdbbRGVlGZgkrkVHBRdIphNCcvDTejGGhntqwKrSktcyZDvWGxUklCdjCVwceeizaHYEiVGRNbvySICSZHhIac$" 45
5⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\5col3ccv.tda\17950\Champion.exe.pif
17950\\Champion.exe.pif 17950\\S
5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
6⤵
- UAC bypass
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4268

C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /im chrome.exe /f
7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4528

C:\Windows\SysWOW64\PING.EXE
ping localhost -n 18
5⤵
- Runs ping.exe
PID:4756

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000A01CC /startuptips
1⤵
- Checks SCSI registry key(s)
PID:3288

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:4248

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Remote System Discovery

T1018

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
6bf0e5945fb9da68e1b03bdaed5f6f8d

SHA1
eed3802c8e4abe3b327c100c99c53d3bbcf8a33d

SHA256
dda58fd16fee83a65c05936b1a070187f2c360024650ecaf857c5e060a6a55f1

SHA512
977a393fdad2b162aa42194ddad6ec8bcab24f81980ff01b1c22c4d59ac268bb5ce947105c968de1a8a66b35023280a1e7709dfea5053385f87141389ebecb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
18KB

MD5
f63eb6e4d8f65449a031b9fc0bdb1aab

SHA1
68df1e8292c13832d0fa132e620da2d9ead09503

SHA256
ca5798606dd136187a36b6e3ccb3119641c4793b6b7e9ed1767f555984428aca

SHA512
ccd0f2cc8c99b109982029b4fd3d140f22b4f6bec84ca66bcbd73bb156e23e87adc38b8801dbc77abebf16d88ea454ca434133d95e5f8946f8b9b4d2571be8ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\5col3ccv.tda\17950\Champion.exe.pif
Filesize
872KB

MD5
c56b5f0201a3b3de53e561fe76912bfd

SHA1
2a4062e10a5de813f5688221dbeb3f3ff33eb417

SHA256
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

SHA512
195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\00000#4
Filesize
12KB

MD5
4839bb17c0c82a044dbd0072c6c98cb6

SHA1
3c06dcc178dd8a8e2290b746cfc7e704a537c91f

SHA256
a7e6636cd2ba510513484cfea9201884f64f7b664951402b909caf9728704ec2

SHA512
13d607b989efca3105363a10f481ef02fdcfcd5da4a267da0b87f3f2417456e672337c8e6332e0be286f6401bea203149a1cd23a24a8006f689b32e9d6199b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\00001#45
Filesize
872KB

MD5
a3b85111ecdfc29672319893192bb7fd

SHA1
4ec865fd387eade4cd0b0ad8cabd68cae89ac8d5

SHA256
ec8149d7c157e53108c089f07b8d2bf1156b8c1f8632c938a2130279927e2367

SHA512
0c9e75843ebe962246a0fd2d15e2b90ae71257aac15ee7b1cf12a3fc383a144fef5959c0a81c7d9f55ef6893937b1a9868a7c2546d70045c40810a7b3a0be804

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\00002#7
Filesize
1.5MB

MD5
536073c3748e4eb7bbee303547b7227d

SHA1
4397b1d855e799f4d38467a848cda2273c1c6c73

SHA256
8e289b8dfc7e4994d808ef79a88adb513365177604fe587f6efa812f284e21a3

SHA512
3b1e1c853c362770a4ddcc4c7b3b932f9adf9db006bf649266a1b0c9c6c7b0afb7f0cd5687f672ed58908c9af8b56a830888b6f30defb97297cbde8de18f7651

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\Engine.exe
Filesize
392KB

MD5
a7a99a201774531d761f6aac2651a9df

SHA1
b122ae368c4bf103e959a6ebb54ddb310117ab96

SHA256
e6e73497e85e9ece4c92ac7d49e07b9d55e932ba2d9e5789b94b95a9841ee524

SHA512
056504da2afeed547a4123ac8c38b35291b7dc0126fb638ae304eee802ac572715f9d608e9f1655788a030f488354741ee27c805434111c8e915cf841c0892f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\Engine.exe
Filesize
392KB

MD5
a7a99a201774531d761f6aac2651a9df

SHA1
b122ae368c4bf103e959a6ebb54ddb310117ab96

SHA256
e6e73497e85e9ece4c92ac7d49e07b9d55e932ba2d9e5789b94b95a9841ee524

SHA512
056504da2afeed547a4123ac8c38b35291b7dc0126fb638ae304eee802ac572715f9d608e9f1655788a030f488354741ee27c805434111c8e915cf841c0892f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\Modern_Icon.bmp
Filesize
7KB

MD5
1dd88f67f029710d5c5858a6293a93f1

SHA1
3e5ef66613415fe9467b2a24ccc27d8f997e7df6

SHA256
b5dad33ceb6eb1ac2a05fbda76e29a73038403939218a88367925c3a20c05532

SHA512
7071fd64038e0058c8c586c63c62677c0ca403768100f90323cf9c0bc7b7fcb538391e6f3606bd7970b8769445606ada47adcdcfc1e991e25caf272a13e10c94

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_35442\Setup.txt
Filesize
2KB

MD5
ae90fca8c12f2c43c468fbd0954381f7

SHA1
d475bb8f5891ab5f4c7cd2c90847cbfa68758842

SHA256
d9f67a975a877aa95e76821542311adb21704988d8452916d5b51feeeff3e720

SHA512
6880c7b658b7852bfcd597a57fd6e85f8a218e18d7acc248edc8efb2bea5a61063c4eeb5ae48008cc07408501c1af0eefc6a9010820ba823ab3fe66dae1f9041

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/364-438-0x0000000000000000-mapping.dmp

Download
memory/612-423-0x0000000000000000-mapping.dmp

Download
memory/1304-150-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-130-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-135-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-136-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-137-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-138-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-139-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-140-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-141-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-142-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-143-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-144-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-145-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-146-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-147-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-148-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-149-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-133-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-151-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-152-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-153-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-154-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-155-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-121-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-132-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-122-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-123-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-124-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-125-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-120-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-126-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-127-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-128-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-131-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-134-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1304-129-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/3356-229-0x0000000000000000-mapping.dmp

Download
memory/4208-344-0x0000000000000000-mapping.dmp

Download
memory/4244-237-0x0000000000000000-mapping.dmp

Download
memory/4268-527-0x0000000001250E0E-mapping.dmp

Download
memory/4268-560-0x00000000011B0000-0x0000000001256000-memory.dmp

Filesize
664KB

Download
memory/4268-577-0x0000000005790000-0x0000000005822000-memory.dmp

Filesize
584KB

Download
memory/4268-611-0x00000000070E0000-0x00000000072A2000-memory.dmp

Filesize
1.8MB

Download
memory/4268-612-0x00000000077E0000-0x0000000007D0C000-memory.dmp

Filesize
5.2MB

Download
memory/4268-615-0x0000000007090000-0x00000000070AE000-memory.dmp

Filesize
120KB

Download
memory/4268-618-0x0000000007720000-0x0000000007732000-memory.dmp

Filesize
72KB

Download
memory/4268-620-0x0000000007780000-0x00000000077BE000-memory.dmp

Filesize
248KB

Download
memory/4268-631-0x0000000008250000-0x00000000082A0000-memory.dmp

Filesize
320KB

Download
memory/4464-312-0x0000000007440000-0x00000000074A6000-memory.dmp

Filesize
408KB

Download
memory/4464-336-0x0000000008C70000-0x0000000008D04000-memory.dmp

Filesize
592KB

Download
memory/4464-250-0x0000000000000000-mapping.dmp

Download
memory/4464-291-0x0000000006CC0000-0x00000000072E8000-memory.dmp

Filesize
6.2MB

Download
memory/4464-339-0x0000000009210000-0x000000000970E000-memory.dmp

Filesize
5.0MB

Download
memory/4464-338-0x0000000008C00000-0x0000000008C22000-memory.dmp

Filesize
136KB

Download
memory/4464-337-0x0000000008970000-0x000000000898A000-memory.dmp

Filesize
104KB

Download
memory/4464-286-0x0000000004070000-0x00000000040A6000-memory.dmp

Filesize
216KB

Download
memory/4464-321-0x0000000007B60000-0x0000000007BD6000-memory.dmp

Filesize
472KB

Download
memory/4464-317-0x00000000078C0000-0x000000000790B000-memory.dmp

Filesize
300KB

Download
memory/4464-316-0x00000000073B0000-0x00000000073CC000-memory.dmp

Filesize
112KB

Download
memory/4464-313-0x00000000074B0000-0x0000000007800000-memory.dmp

Filesize
3.3MB

Download
memory/4464-311-0x00000000072F0000-0x0000000007356000-memory.dmp

Filesize
408KB

Download
memory/4464-309-0x0000000006AD0000-0x0000000006AF2000-memory.dmp

Filesize
136KB

Download
memory/4528-622-0x0000000000000000-mapping.dmp

Download
memory/4756-442-0x0000000000000000-mapping.dmp

Download
memory/4808-176-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-171-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-175-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-183-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-173-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-177-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-178-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-179-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-180-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-323-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/4808-182-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-187-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-186-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-185-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-172-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-174-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-170-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-169-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-168-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-167-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-184-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-524-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/4808-165-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-162-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-164-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-163-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/4808-161-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-160-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-159-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-158-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-181-0x0000000077D10000-0x0000000077E9E000-memory.dmp

Filesize
1.6MB

Download
memory/4808-156-0x0000000000000000-mapping.dmp

Download