asyncrat | adb4d5bc0e359b762c9af262bcbaecd7effc14742631afdc650eb8b8feb54003

Analysis

max time kernel
111s
max time network
144s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-01-2023 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a53466fc1c01a7fa4ac637e46c8ca0cd.exe
Size

596KB
MD5

a53466fc1c01a7fa4ac637e46c8ca0cd
SHA1

1fd22e354e8ca425a1de630bffb54e2d10435b62
SHA256

adb4d5bc0e359b762c9af262bcbaecd7effc14742631afdc650eb8b8feb54003
SHA512

756e67a0241671a1dd7b42f5c481be79fc5f07f7a24e22abc0629d575a6f34362d4ccd35a5f6d6d831830a60495b2f25e11b205d0adcb115c8b8131895af277d
SSDEEP

12288:PToPWBv/cpGrU3ywDwK7KvDJCbAvyDcdSCYZLYL6h:PTbBv5rUTwK78dChctYZLYL6h

Score

10^/10

asyncrat vidar 818 persistence rat stealer

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

818

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

Attributes

profile_id
818

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Async RAT payload 5 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/976-93-0x0000000000400000-0x0000000000422000-memory.dmp	asyncrat
behavioral1/memory/976-98-0x000000000041CE7E-mapping.dmp	asyncrat
behavioral1/memory/976-99-0x0000000000400000-0x0000000000422000-memory.dmp	asyncrat
behavioral1/memory/976-100-0x0000000000400000-0x0000000000422000-memory.dmp	asyncrat
behavioral1/memory/1156-107-0x0000000000130000-0x00000000001A6000-memory.dmp	asyncrat

Executes dropped EXE 3 IoCs

Processes:

scoresystem.exeWATCHT~2.EXE1717.exe

pid process

1420 scoresystem.exe
604 WATCHT~2.EXE
1156 1717.exe

pid	process
1420	scoresystem.exe
604	WATCHT~2.EXE
1156	1717.exe

Loads dropped DLL 7 IoCs

Processes:

a53466fc1c01a7fa4ac637e46c8ca0cd.exeWerFault.exe

pid	process
948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe
948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe
948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe
948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe
908	WerFault.exe
908	WerFault.exe
908	WerFault.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

scoresystem.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce	scoresystem.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	scoresystem.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

WATCHT~2.EXE1717.exe

description	pid	process	target process
PID 604 set thread context of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 1156 set thread context of 976	1156	1717.exe	vbc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

908 1156 WerFault.exe 1717.exe

pid	pid_target	process	target process
908	1156	WerFault.exe	1717.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

WATCHT~2.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	WATCHT~2.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	WATCHT~2.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

1384 powershell.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WATCHT~2.EXEpowershell.exevbc.exe

description pid process

Token: SeDebugPrivilege 604 WATCHT~2.EXE
Token: SeDebugPrivilege 1384 powershell.exe
Token: SeDebugPrivilege 976 vbc.exe

pid	process
1384	powershell.exe

description	pid	process
Token: SeDebugPrivilege	604	WATCHT~2.EXE
Token: SeDebugPrivilege	1384	powershell.exe
Token: SeDebugPrivilege	976	vbc.exe

Suspicious use of WriteProcessMemory 39 IoCs

Processes:

a53466fc1c01a7fa4ac637e46c8ca0cd.exescoresystem.exeWATCHT~2.EXE1717.exe

description	pid	process	target process
PID 948 wrote to memory of 1420	948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe	scoresystem.exe
PID 948 wrote to memory of 1420	948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe	scoresystem.exe
PID 948 wrote to memory of 1420	948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe	scoresystem.exe
PID 948 wrote to memory of 1420	948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe	scoresystem.exe
PID 1420 wrote to memory of 604	1420	scoresystem.exe	WATCHT~2.EXE
PID 1420 wrote to memory of 604	1420	scoresystem.exe	WATCHT~2.EXE
PID 1420 wrote to memory of 604	1420	scoresystem.exe	WATCHT~2.EXE
PID 1420 wrote to memory of 604	1420	scoresystem.exe	WATCHT~2.EXE
PID 604 wrote to memory of 1384	604	WATCHT~2.EXE	powershell.exe
PID 604 wrote to memory of 1384	604	WATCHT~2.EXE	powershell.exe
PID 604 wrote to memory of 1384	604	WATCHT~2.EXE	powershell.exe
PID 604 wrote to memory of 1384	604	WATCHT~2.EXE	powershell.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 604 wrote to memory of 744	604	WATCHT~2.EXE	AppLaunch.exe
PID 948 wrote to memory of 1156	948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe	1717.exe
PID 948 wrote to memory of 1156	948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe	1717.exe
PID 948 wrote to memory of 1156	948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe	1717.exe
PID 948 wrote to memory of 1156	948	a53466fc1c01a7fa4ac637e46c8ca0cd.exe	1717.exe
PID 1156 wrote to memory of 976	1156	1717.exe	vbc.exe
PID 1156 wrote to memory of 976	1156	1717.exe	vbc.exe
PID 1156 wrote to memory of 976	1156	1717.exe	vbc.exe
PID 1156 wrote to memory of 976	1156	1717.exe	vbc.exe
PID 1156 wrote to memory of 976	1156	1717.exe	vbc.exe
PID 1156 wrote to memory of 976	1156	1717.exe	vbc.exe
PID 1156 wrote to memory of 908	1156	1717.exe	WerFault.exe
PID 1156 wrote to memory of 908	1156	1717.exe	WerFault.exe
PID 1156 wrote to memory of 908	1156	1717.exe	WerFault.exe
PID 1156 wrote to memory of 908	1156	1717.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\a53466fc1c01a7fa4ac637e46c8ca0cd.exe
"C:\Users\Admin\AppData\Local\Temp\a53466fc1c01a7fa4ac637e46c8ca0cd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:948

C:\Users\Admin\AppData\Local\Temp\RarSFX0\scoresystem.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\scoresystem.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1420

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WATCHT~2.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WATCHT~2.EXE
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:604

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMwA1AA==
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
4⤵
PID:744

C:\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1156

C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 36
3⤵
- Loads dropped DLL
- Program crash
PID:908

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

T1064

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Scripting

T1064

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WATCHT~2.EXE
Filesize
362.4MB

MD5
10155f7d28c09033e8064c23d8d753db

SHA1
42362a2d24e1e7bf7f97a2f5fb72a81306536bb6

SHA256
2f78ba61101b4ae38e44d1e0edad8b195bc801b4cd91c4c8881d547c7073c655

SHA512
a626aa9a6f605bdfcb5d0455e1db27022b16a368aaefc2b7842c7aa188221ad9efa78ea1a7d915c0513e6ac3db564d2777601f1c7921864cacd793be6b81bd41

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WATCHT~2.EXE
Filesize
362.4MB

MD5
10155f7d28c09033e8064c23d8d753db

SHA1
42362a2d24e1e7bf7f97a2f5fb72a81306536bb6

SHA256
2f78ba61101b4ae38e44d1e0edad8b195bc801b4cd91c4c8881d547c7073c655

SHA512
a626aa9a6f605bdfcb5d0455e1db27022b16a368aaefc2b7842c7aa188221ad9efa78ea1a7d915c0513e6ac3db564d2777601f1c7921864cacd793be6b81bd41

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe
Filesize
457KB

MD5
66e815946cfe9ffe0027ebf4db30fda9

SHA1
a0edd0ab8909ac842ec77573497fe7f40401beb8

SHA256
21314404c10b04494713bd805fff8d42fc63513b5a4c434b4826a41c9b556c22

SHA512
94335b7fb0c2952df4fbae0fa630f3ec5612783866d86d468f5b4429ba1c2617939ebeed7c54c8ebe2db9fa1f837e929974e646211ff8ce7e35c505c33679660

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\scoresystem.exe
Filesize
630KB

MD5
de39a7b5729cecc97244042f6eb858f7

SHA1
be4b03f12f9a81a2cbf6c782c66d230e609e0424

SHA256
f2e08945074adcc47885bd4f848112b9605238d0cc00db1e686bc567b408e687

SHA512
e01266297515b23e6f25cfd379c6c611f3ea94a58d239b0f3cd5254c4de503a2ee7ca0b150b14da6b7c81954c15025e57ce88bd796d1d150832f51a69b57c0f8

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe
Filesize
457KB

MD5
66e815946cfe9ffe0027ebf4db30fda9

SHA1
a0edd0ab8909ac842ec77573497fe7f40401beb8

SHA256
21314404c10b04494713bd805fff8d42fc63513b5a4c434b4826a41c9b556c22

SHA512
94335b7fb0c2952df4fbae0fa630f3ec5612783866d86d468f5b4429ba1c2617939ebeed7c54c8ebe2db9fa1f837e929974e646211ff8ce7e35c505c33679660

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe
Filesize
457KB

MD5
66e815946cfe9ffe0027ebf4db30fda9

SHA1
a0edd0ab8909ac842ec77573497fe7f40401beb8

SHA256
21314404c10b04494713bd805fff8d42fc63513b5a4c434b4826a41c9b556c22

SHA512
94335b7fb0c2952df4fbae0fa630f3ec5612783866d86d468f5b4429ba1c2617939ebeed7c54c8ebe2db9fa1f837e929974e646211ff8ce7e35c505c33679660

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe
Filesize
457KB

MD5
66e815946cfe9ffe0027ebf4db30fda9

SHA1
a0edd0ab8909ac842ec77573497fe7f40401beb8

SHA256
21314404c10b04494713bd805fff8d42fc63513b5a4c434b4826a41c9b556c22

SHA512
94335b7fb0c2952df4fbae0fa630f3ec5612783866d86d468f5b4429ba1c2617939ebeed7c54c8ebe2db9fa1f837e929974e646211ff8ce7e35c505c33679660

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe
Filesize
457KB

MD5
66e815946cfe9ffe0027ebf4db30fda9

SHA1
a0edd0ab8909ac842ec77573497fe7f40401beb8

SHA256
21314404c10b04494713bd805fff8d42fc63513b5a4c434b4826a41c9b556c22

SHA512
94335b7fb0c2952df4fbae0fa630f3ec5612783866d86d468f5b4429ba1c2617939ebeed7c54c8ebe2db9fa1f837e929974e646211ff8ce7e35c505c33679660

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe
Filesize
457KB

MD5
66e815946cfe9ffe0027ebf4db30fda9

SHA1
a0edd0ab8909ac842ec77573497fe7f40401beb8

SHA256
21314404c10b04494713bd805fff8d42fc63513b5a4c434b4826a41c9b556c22

SHA512
94335b7fb0c2952df4fbae0fa630f3ec5612783866d86d468f5b4429ba1c2617939ebeed7c54c8ebe2db9fa1f837e929974e646211ff8ce7e35c505c33679660

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\1717.exe
Filesize
457KB

MD5
66e815946cfe9ffe0027ebf4db30fda9

SHA1
a0edd0ab8909ac842ec77573497fe7f40401beb8

SHA256
21314404c10b04494713bd805fff8d42fc63513b5a4c434b4826a41c9b556c22

SHA512
94335b7fb0c2952df4fbae0fa630f3ec5612783866d86d468f5b4429ba1c2617939ebeed7c54c8ebe2db9fa1f837e929974e646211ff8ce7e35c505c33679660

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\scoresystem.exe
Filesize
630KB

MD5
de39a7b5729cecc97244042f6eb858f7

SHA1
be4b03f12f9a81a2cbf6c782c66d230e609e0424

SHA256
f2e08945074adcc47885bd4f848112b9605238d0cc00db1e686bc567b408e687

SHA512
e01266297515b23e6f25cfd379c6c611f3ea94a58d239b0f3cd5254c4de503a2ee7ca0b150b14da6b7c81954c15025e57ce88bd796d1d150832f51a69b57c0f8

Download Submit
memory/604-64-0x0000000005390000-0x0000000005422000-memory.dmp

Filesize
584KB

Download
memory/604-63-0x0000000005C60000-0x0000000005DE2000-memory.dmp

Filesize
1.5MB

Download
memory/604-61-0x0000000001210000-0x000000000121A000-memory.dmp

Filesize
40KB

Download
memory/604-70-0x0000000004F90000-0x0000000004FFA000-memory.dmp

Filesize
424KB

Download
memory/604-58-0x0000000000000000-mapping.dmp

Download
memory/744-76-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/744-74-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/744-72-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/744-78-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/744-81-0x000000000042D63C-mapping.dmp

Download
memory/744-80-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/744-83-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/744-71-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/744-106-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/908-101-0x0000000000000000-mapping.dmp

Download
memory/948-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/976-98-0x000000000041CE7E-mapping.dmp

Download
memory/976-93-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/976-91-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/976-99-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/976-100-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1156-89-0x0000000000000000-mapping.dmp

Download
memory/1156-107-0x0000000000130000-0x00000000001A6000-memory.dmp

Filesize
472KB

Download
memory/1384-68-0x000000006F1C0000-0x000000006F76B000-memory.dmp

Filesize
5.7MB

Download
memory/1384-65-0x0000000000000000-mapping.dmp

Download
memory/1384-67-0x000000006F1C0000-0x000000006F76B000-memory.dmp

Filesize
5.7MB

Download
memory/1384-69-0x000000006F1C0000-0x000000006F76B000-memory.dmp

Filesize
5.7MB

Download
memory/1420-56-0x0000000000000000-mapping.dmp

Download