purecrypter | 92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de

Analysis

max time kernel
150s
max time network
133s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
25-01-2023 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
Size

24KB
MD5

4edc2181db86513f593f18793d30ebf9
SHA1

33a4a18759143c258703147bb5a05a19f9be65d6
SHA256

92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de
SHA512

1f74d7a3d3a956ab8c472d1977279b8cff4a3989b03c7c78d704ee18a34e98546a7678baaddcc5c22930f627f3ffde2101a613f13fa4d6306b74cdc4fbf240b5
SSDEEP

96:TbpKgeeUZvHZ6mkIWjT4nLkjDUPRx0UxkRbkPf4LNiRB4e3T3e3Lvn1fzNt:Y8AvQdIWfoLkjD8TOQPf4L9bnr

Score

10^/10

purecrypter smokeloader backdoor collection downloader loader persistence trojan

Malware Config

Signatures

Detect PureCrypter injector 1 IoCs

loader

Processes:

resource	yara_rule
behavioral1/memory/2204-192-0x0000000005FA0000-0x0000000006008000-memory.dmp	family_purecrypter

Detects Smokeloader packer 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3056-296-0x0000000000402EF0-mapping.dmp	family_smokeloader
behavioral1/memory/3056-327-0x0000000000400000-0x0000000000409000-memory.dmp	family_smokeloader
behavioral1/memory/3056-328-0x0000000000400000-0x0000000000409000-memory.dmp	family_smokeloader

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Executes dropped EXE 1 IoCs

Processes:

213F.exe

pid process

4088 213F.exe
Deletes itself 1 IoCs

Processes:

pid process

2312

pid	process
4088	213F.exe

pid	process
2312

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

collection

Email Collection

T1114

Processes:

explorer.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	explorer.exe
Key opened	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	explorer.exe
Key opened	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	explorer.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows\CurrentVersion\Run\Goyyvx = "\"C:\\Users\\Admin\\AppData\\Roaming\\Neyachzs\\Goyyvx.exe\""	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

description	pid	process	target process
PID 2204 set thread context of 3056	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4596 4088 WerFault.exe 213F.exe

pid	pid_target	process	target process
4596	4088	WerFault.exe	213F.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

description	ioc	process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

powershell.exe92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

pid	process
1984	powershell.exe
1984	powershell.exe
1984	powershell.exe
3056	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
3056	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

2312
Suspicious behavior: MapViewOfSection 13 IoCs

Processes:

92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

pid process

3056 92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312

pid	process
2312

pid	process
3056	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312
2312

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exepowershell.exe213F.exe

description	pid	process
Token: SeDebugPrivilege	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
Token: SeDebugPrivilege	1984	powershell.exe
Token: SeDebugPrivilege	4088	213F.exe
Token: SeShutdownPrivilege	2312
Token: SeCreatePagefilePrivilege	2312
Token: SeShutdownPrivilege	2312
Token: SeCreatePagefilePrivilege	2312
Token: SeShutdownPrivilege	2312
Token: SeCreatePagefilePrivilege	2312

Suspicious use of WriteProcessMemory 33 IoCs

Processes:

92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe

description	pid	process	target process
PID 2204 wrote to memory of 1984	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	powershell.exe
PID 2204 wrote to memory of 1984	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	powershell.exe
PID 2204 wrote to memory of 1984	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	powershell.exe
PID 2204 wrote to memory of 3056	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
PID 2204 wrote to memory of 3056	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
PID 2204 wrote to memory of 3056	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
PID 2204 wrote to memory of 3056	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
PID 2204 wrote to memory of 3056	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
PID 2204 wrote to memory of 3056	2204	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe	92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
PID 2312 wrote to memory of 4088	2312		213F.exe
PID 2312 wrote to memory of 4088	2312		213F.exe
PID 2312 wrote to memory of 4088	2312		213F.exe
PID 2312 wrote to memory of 4852	2312		explorer.exe
PID 2312 wrote to memory of 4852	2312		explorer.exe
PID 2312 wrote to memory of 4852	2312		explorer.exe
PID 2312 wrote to memory of 4852	2312		explorer.exe
PID 2312 wrote to memory of 600	2312		explorer.exe
PID 2312 wrote to memory of 600	2312		explorer.exe
PID 2312 wrote to memory of 600	2312		explorer.exe
PID 2312 wrote to memory of 4104	2312		explorer.exe
PID 2312 wrote to memory of 4104	2312		explorer.exe
PID 2312 wrote to memory of 4104	2312		explorer.exe
PID 2312 wrote to memory of 4104	2312		explorer.exe
PID 2312 wrote to memory of 2064	2312		explorer.exe
PID 2312 wrote to memory of 2064	2312		explorer.exe
PID 2312 wrote to memory of 2064	2312		explorer.exe
PID 2312 wrote to memory of 996	2312		explorer.exe
PID 2312 wrote to memory of 996	2312		explorer.exe
PID 2312 wrote to memory of 996	2312		explorer.exe
PID 2312 wrote to memory of 996	2312		explorer.exe
PID 2312 wrote to memory of 2416	2312		explorer.exe
PID 2312 wrote to memory of 2416	2312		explorer.exe
PID 2312 wrote to memory of 2416	2312		explorer.exe

outlook_office_path 1 IoCs

Processes:

explorer.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	explorer.exe

outlook_win_path 1 IoCs

Processes:

explorer.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	explorer.exe

C:\Users\Admin\AppData\Local\Temp\92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
"C:\Users\Admin\AppData\Local\Temp\92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2204

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1984

C:\Users\Admin\AppData\Local\Temp\92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
C:\Users\Admin\AppData\Local\Temp\92f5bc1c04cfa529056b7f6cead4ec4aa2ce280ea51b166e4f62b7c40e0e32de.exe
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3056

C:\Users\Admin\AppData\Local\Temp\213F.exe
C:\Users\Admin\AppData\Local\Temp\213F.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 1384
2⤵
- Program crash
PID:4596

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
- Accesses Microsoft Outlook profiles
- outlook_office_path
- outlook_win_path
PID:4852

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:600

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:4104

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:2064

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:996

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:2416

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Email Collection

T1114

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\213F.exe
Filesize
34KB

MD5
942d4384987c409eb5c3b5609a1c5216

SHA1
f705df7ca7b570357a19b19d28e5ea232c12e163

SHA256
46b3863afa7d05696d16d90c4fd7fefa1f2c9cb333dbf5abaacee35e39c0feee

SHA512
273620b4937d269735c4e915fa4f6c0dd48366b330fc7b2af37bdfb84a4e0813cbfa5fce78a96d2284d06ef43a2320b87a1a1fdc822aca75fbc373d12d808f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\213F.exe
Filesize
34KB

MD5
942d4384987c409eb5c3b5609a1c5216

SHA1
f705df7ca7b570357a19b19d28e5ea232c12e163

SHA256
46b3863afa7d05696d16d90c4fd7fefa1f2c9cb333dbf5abaacee35e39c0feee

SHA512
273620b4937d269735c4e915fa4f6c0dd48366b330fc7b2af37bdfb84a4e0813cbfa5fce78a96d2284d06ef43a2320b87a1a1fdc822aca75fbc373d12d808f88

Download Submit
memory/600-419-0x0000000000A30000-0x0000000000A3C000-memory.dmp

Filesize
48KB

Download
memory/600-404-0x0000000000000000-mapping.dmp

Download
memory/996-599-0x0000000000630000-0x0000000000635000-memory.dmp

Filesize
20KB

Download
memory/996-594-0x0000000000630000-0x0000000000635000-memory.dmp

Filesize
20KB

Download
memory/996-525-0x0000000000000000-mapping.dmp

Download
memory/996-595-0x0000000000620000-0x0000000000629000-memory.dmp

Filesize
36KB

Download
memory/1984-269-0x0000000008380000-0x00000000083E6000-memory.dmp

Filesize
408KB

Download
memory/1984-288-0x000000000A390000-0x000000000AA08000-memory.dmp

Filesize
6.5MB

Download
memory/1984-272-0x0000000007C20000-0x0000000007C3C000-memory.dmp

Filesize
112KB

Download
memory/1984-273-0x0000000008850000-0x000000000889B000-memory.dmp

Filesize
300KB

Download
memory/1984-277-0x0000000008B00000-0x0000000008B76000-memory.dmp

Filesize
472KB

Download
memory/1984-208-0x0000000000000000-mapping.dmp

Download
memory/1984-268-0x0000000007B50000-0x0000000007BB6000-memory.dmp

Filesize
408KB

Download
memory/1984-249-0x0000000007C50000-0x0000000008278000-memory.dmp

Filesize
6.2MB

Download
memory/1984-244-0x00000000052D0000-0x0000000005306000-memory.dmp

Filesize
216KB

Download
memory/1984-289-0x0000000009B40000-0x0000000009B5A000-memory.dmp

Filesize
104KB

Download
memory/2064-596-0x0000000000AF0000-0x0000000000AF9000-memory.dmp

Filesize
36KB

Download
memory/2064-486-0x0000000000000000-mapping.dmp

Download
memory/2064-519-0x0000000000AF0000-0x0000000000AF9000-memory.dmp

Filesize
36KB

Download
memory/2064-520-0x0000000000AE0000-0x0000000000AEF000-memory.dmp

Filesize
60KB

Download
memory/2204-169-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-180-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-139-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-140-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-141-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-142-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-143-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-144-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-145-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-146-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-147-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-148-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-149-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-150-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-151-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-152-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-153-0x0000000000ED0000-0x0000000000EDC000-memory.dmp

Filesize
48KB

Download
memory/2204-154-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-155-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-156-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-157-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-158-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-159-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-160-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-161-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-162-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-163-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-164-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-165-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-166-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-167-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-168-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-137-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-170-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-171-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-172-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-173-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-174-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-175-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-176-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-177-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-178-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-179-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-138-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-181-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-182-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-183-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-184-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-192-0x0000000005FA0000-0x0000000006008000-memory.dmp

Filesize
416KB

Download
memory/2204-136-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-135-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-134-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-133-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-132-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-193-0x0000000006B80000-0x000000000707E000-memory.dmp

Filesize
5.0MB

Download
memory/2204-194-0x0000000006780000-0x0000000006812000-memory.dmp

Filesize
584KB

Download
memory/2204-195-0x0000000006820000-0x00000000068B2000-memory.dmp

Filesize
584KB

Download
memory/2204-196-0x0000000006910000-0x0000000006932000-memory.dmp

Filesize
136KB

Download
memory/2204-198-0x0000000007080000-0x00000000073D0000-memory.dmp

Filesize
3.3MB

Download
memory/2204-120-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-121-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-122-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-123-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-131-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-130-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-124-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-125-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-129-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-128-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-126-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2204-127-0x0000000077540000-0x00000000776CE000-memory.dmp

Filesize
1.6MB

Download
memory/2416-584-0x0000000000000000-mapping.dmp

Download
memory/2416-598-0x0000000000BD0000-0x0000000000BD6000-memory.dmp

Filesize
24KB

Download
memory/2416-593-0x0000000000BC0000-0x0000000000BCC000-memory.dmp

Filesize
48KB

Download
memory/2416-592-0x0000000000BD0000-0x0000000000BD6000-memory.dmp

Filesize
24KB

Download
memory/3056-328-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3056-327-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3056-296-0x0000000000402EF0-mapping.dmp

Download
memory/4088-368-0x0000000000380000-0x000000000038E000-memory.dmp

Filesize
56KB

Download
memory/4088-329-0x0000000000000000-mapping.dmp

Download
memory/4104-522-0x0000000003470000-0x000000000347B000-memory.dmp

Filesize
44KB

Download
memory/4104-521-0x0000000003480000-0x0000000003487000-memory.dmp

Filesize
28KB

Download
memory/4104-442-0x0000000000000000-mapping.dmp

Download
memory/4104-597-0x0000000003480000-0x0000000003487000-memory.dmp

Filesize
28KB

Download
memory/4852-360-0x0000000000000000-mapping.dmp

Download
memory/4852-587-0x0000000000B60000-0x0000000000BCB000-memory.dmp

Filesize
428KB

Download
memory/4852-516-0x0000000000BD0000-0x0000000000C45000-memory.dmp

Filesize
468KB

Download
memory/4852-518-0x0000000000B60000-0x0000000000BCB000-memory.dmp

Filesize
428KB

Download