eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

Analysis

max time kernel
150s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2023 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trojan-leaks-main/AjarSys.exe
Size

5.8MB
MD5

0816a1e816f9737a1fd3eaa7493aa075
SHA1

682405e63e3cfa28f955ea4eee2890b93fa6414d
SHA256

418f6ff813bbbbe5344b9f8fea28948259bcfd28d424f1354289f5071c85d6ca
SHA512

640000c30a3c1e8d05bc5383daa405303596b8694e11a17a04a77e3cf0688a887f35a7f8d38ffea89e8a3ba6e36e63c4b39285b83bfffa55e9fab5cc595484a8
SSDEEP

98304:wYOgp0AsZKigPWKQ/HVRBH9vYewem9lTTdxlN7/c3DgPY9rT6Bl1tF:wYL0rtC3Q/pdePbH7/0DIYNT6LbF

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AjarSys.exeAjarSystem.exeASLib.exeOpenAll.exediskdestroyer.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	AjarSys.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	AjarSystem.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	ASLib.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	OpenAll.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	diskdestroyer.exe

Executes dropped EXE 8 IoCs

Processes:

AjarSystem.exeASLib.exeOpenAll.exeSound.exered.exeerror.exeNoise.exediskdestroyer.exe

pid process

224 AjarSystem.exe
4724 ASLib.exe
3396 OpenAll.exe
2732 Sound.exe
4432 red.exe
3840 error.exe
3040 Noise.exe
2664 diskdestroyer.exe
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

mountvol.exemountvol.exe

description ioc process

File opened (read-only) \??\B: mountvol.exe
File opened (read-only) \??\A: mountvol.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4116 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4116 AUDIODG.EXE
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AjarSystem.exeOpenAll.exeSound.exered.exeerror.exeNoise.exediskdestroyer.exe

pid process

224 AjarSystem.exe
3396 OpenAll.exe
2732 Sound.exe
4432 red.exe
3840 error.exe
3040 Noise.exe
2664 diskdestroyer.exe

pid	process
224	AjarSystem.exe
4724	ASLib.exe
3396	OpenAll.exe
2732	Sound.exe
4432	red.exe
3840	error.exe
3040	Noise.exe
2664	diskdestroyer.exe

description	ioc	process
File opened (read-only)	\??\B:	mountvol.exe
File opened (read-only)	\??\A:	mountvol.exe

description	pid	process
Token: 33	4116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4116	AUDIODG.EXE

pid	process
224	AjarSystem.exe
3396	OpenAll.exe
2732	Sound.exe
4432	red.exe
3840	error.exe
3040	Noise.exe
2664	diskdestroyer.exe

Suspicious use of WriteProcessMemory 34 IoCs

Processes:

AjarSys.exeAjarSystem.execmd.exeASLib.exeOpenAll.exediskdestroyer.execmd.exe

description	pid	process	target process
PID 1240 wrote to memory of 224	1240	AjarSys.exe	AjarSystem.exe
PID 1240 wrote to memory of 224	1240	AjarSys.exe	AjarSystem.exe
PID 1240 wrote to memory of 224	1240	AjarSys.exe	AjarSystem.exe
PID 224 wrote to memory of 3780	224	AjarSystem.exe	cmd.exe
PID 224 wrote to memory of 3780	224	AjarSystem.exe	cmd.exe
PID 3780 wrote to memory of 4724	3780	cmd.exe	ASLib.exe
PID 3780 wrote to memory of 4724	3780	cmd.exe	ASLib.exe
PID 3780 wrote to memory of 4724	3780	cmd.exe	ASLib.exe
PID 4724 wrote to memory of 3396	4724	ASLib.exe	OpenAll.exe
PID 4724 wrote to memory of 3396	4724	ASLib.exe	OpenAll.exe
PID 4724 wrote to memory of 3396	4724	ASLib.exe	OpenAll.exe
PID 3396 wrote to memory of 2732	3396	OpenAll.exe	Sound.exe
PID 3396 wrote to memory of 2732	3396	OpenAll.exe	Sound.exe
PID 3396 wrote to memory of 2732	3396	OpenAll.exe	Sound.exe
PID 3396 wrote to memory of 4432	3396	OpenAll.exe	red.exe
PID 3396 wrote to memory of 4432	3396	OpenAll.exe	red.exe
PID 3396 wrote to memory of 4432	3396	OpenAll.exe	red.exe
PID 3396 wrote to memory of 3840	3396	OpenAll.exe	error.exe
PID 3396 wrote to memory of 3840	3396	OpenAll.exe	error.exe
PID 3396 wrote to memory of 3840	3396	OpenAll.exe	error.exe
PID 3396 wrote to memory of 3040	3396	OpenAll.exe	Noise.exe
PID 3396 wrote to memory of 3040	3396	OpenAll.exe	Noise.exe
PID 3396 wrote to memory of 3040	3396	OpenAll.exe	Noise.exe
PID 3396 wrote to memory of 2664	3396	OpenAll.exe	diskdestroyer.exe
PID 3396 wrote to memory of 2664	3396	OpenAll.exe	diskdestroyer.exe
PID 3396 wrote to memory of 2664	3396	OpenAll.exe	diskdestroyer.exe
PID 2664 wrote to memory of 1220	2664	diskdestroyer.exe	cmd.exe
PID 2664 wrote to memory of 1220	2664	diskdestroyer.exe	cmd.exe
PID 1220 wrote to memory of 2552	1220	cmd.exe	mountvol.exe
PID 1220 wrote to memory of 2552	1220	cmd.exe	mountvol.exe
PID 1220 wrote to memory of 2240	1220	cmd.exe	mountvol.exe
PID 1220 wrote to memory of 2240	1220	cmd.exe	mountvol.exe
PID 1220 wrote to memory of 1748	1220	cmd.exe	mountvol.exe
PID 1220 wrote to memory of 1748	1220	cmd.exe	mountvol.exe

C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\AjarSys.exe
"C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\AjarSys.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\AjarSystem.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\AjarSystem.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:224
- - C:\Windows\system32\cmd.exe
    "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\15CA.tmp\15CB.tmp\15CC.bat C:\Users\Admin\AppData\Local\Temp\RarSFX0\AjarSystem.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\ASLib.exe
      ASLib.exe -p@$L1b -dC:\Users\Admin\AppData\Local\Temp
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\OpenAll.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OpenAll.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Sound.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sound.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\red.exe
        
        "C:\Users\Admin\AppData\Local\Temp\red.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Noise.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Noise.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\error.exe
        
        "C:\Users\Admin\AppData\Local\Temp\error.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\diskdestroyer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\diskdestroyer.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2664
        
        C:\Windows\system32\cmd.exe
        
        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2D1B.tmp\2D1C.tmp\2D1D.bat C:\Users\Admin\AppData\Local\Temp\diskdestroyer.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:1220
        
        C:\Windows\system32\mountvol.exe
        
        mountvol A:\ /D
        8⤵
        Enumerates connected drives
        
        PID:2552
        
        C:\Windows\system32\mountvol.exe
        
        mountvol B:\ /D
        8⤵
        Enumerates connected drives
        
        PID:2240
        
        C:\Windows\system32\mountvol.exe
        
        mountvol C:\ /D
        8⤵
        
        PID:1748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4116

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15CA.tmp\15CB.tmp\15CC.bat

Filesize
37B

MD5
9d38ca2f5b6b20698c106a71d78a39d3

SHA1
aaf3ee5b10303a599fc4bb5e18643e5f4bef9bc3

SHA256
e7f18f87f25d9f2c0a8e51cdb7df01b57c4063f8cb14b16efadfa579243c80ea

SHA512
a2a864aa734fbe52a75db72eda7a033189869e4ef414d63b200580674483aaa9780c9ad2d1c6f64424ab2271b54c6e861bc86148abb2845bed702052e4afa5c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2D1B.tmp\2D1C.tmp\2D1D.bat

Filesize
448B

MD5
799bcbf06b30a24abca9d67a87aa7ce1

SHA1
775b9f11cd9ce520fa020a9ebf51ef0098ae6698

SHA256
afd37a6263be867f11b20537c1457db478378f4250989ecc654ee531d09c1276

SHA512
2b9515c200defb3567d03cbde1bda90ef1e82f2b2fe6fa18b460ce7b8a9f60599491c664b67c2012813d2d1ebf009fdee7e90e77b264f54e15c194900e9b85cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Noise.exe

Filesize
2.5MB

MD5
8fc1142d14d3f202041454f02443cf86

SHA1
d00220ab94b0305ee0fe5319d1cfa6229e99885e

SHA256
0068636924e7c0d0074d594f94156b3a3428e7a6dad72ffdb24202f34fa14dab

SHA512
3c50fcc51fd31e7243e305d447ef40c1e3cb6b47212b41e0a940d004d788b463764abb4f19f6f9b6ea902a9ef4e9dd6cd9ac8e922b43d4f5def295bde2cc2807

Download Submit
C:\Users\Admin\AppData\Local\Temp\Noise.exe

Filesize
2.5MB

MD5
8fc1142d14d3f202041454f02443cf86

SHA1
d00220ab94b0305ee0fe5319d1cfa6229e99885e

SHA256
0068636924e7c0d0074d594f94156b3a3428e7a6dad72ffdb24202f34fa14dab

SHA512
3c50fcc51fd31e7243e305d447ef40c1e3cb6b47212b41e0a940d004d788b463764abb4f19f6f9b6ea902a9ef4e9dd6cd9ac8e922b43d4f5def295bde2cc2807

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenAll.exe

Filesize
359KB

MD5
2f0f0fe2ccee8ac13fb5c7d259a5f002

SHA1
f04097d8fd83f709df8691c40216c80f79e18981

SHA256
495428cf3b39c9dc80641fcbc8739e56ccfe37604968a68c595666a7684ce3aa

SHA512
aba50b51c3e0839feb9b885cc1a87db61a2aa0fc46ff704ba89e5ca32e4c15fed584fadd2c4f8b47bcb627570256e05796146c06f18a43be9d17fc70fd739f1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenAll.exe

Filesize
359KB

MD5
2f0f0fe2ccee8ac13fb5c7d259a5f002

SHA1
f04097d8fd83f709df8691c40216c80f79e18981

SHA256
495428cf3b39c9dc80641fcbc8739e56ccfe37604968a68c595666a7684ce3aa

SHA512
aba50b51c3e0839feb9b885cc1a87db61a2aa0fc46ff704ba89e5ca32e4c15fed584fadd2c4f8b47bcb627570256e05796146c06f18a43be9d17fc70fd739f1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenAll.exe

Filesize
359KB

MD5
2f0f0fe2ccee8ac13fb5c7d259a5f002

SHA1
f04097d8fd83f709df8691c40216c80f79e18981

SHA256
495428cf3b39c9dc80641fcbc8739e56ccfe37604968a68c595666a7684ce3aa

SHA512
aba50b51c3e0839feb9b885cc1a87db61a2aa0fc46ff704ba89e5ca32e4c15fed584fadd2c4f8b47bcb627570256e05796146c06f18a43be9d17fc70fd739f1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ASLib.exe

Filesize
5.7MB

MD5
f32ca324c5efd03baa77d02a2d6c93e1

SHA1
0904821bfc023a8970240f31fd1bacb06dedd961

SHA256
adf652e07642597466a7c60bb512d9f6ec927f0e217a76e8625123974982a525

SHA512
31a7ddfb463d5c5d94d66bf84b2f55a7b87caddc433e4ac71d9fe8b43098b56172b170c4bff84ca3641aa2466576d7499ad6742aa98de66cb9a87b9d7caab0f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ASLib.exe

Filesize
5.7MB

MD5
f32ca324c5efd03baa77d02a2d6c93e1

SHA1
0904821bfc023a8970240f31fd1bacb06dedd961

SHA256
adf652e07642597466a7c60bb512d9f6ec927f0e217a76e8625123974982a525

SHA512
31a7ddfb463d5c5d94d66bf84b2f55a7b87caddc433e4ac71d9fe8b43098b56172b170c4bff84ca3641aa2466576d7499ad6742aa98de66cb9a87b9d7caab0f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\AjarSystem.exe

Filesize
87KB

MD5
39952a00847a65cb5b192c28e81445ee

SHA1
e650da31ee60842483a37c7b761b5372add7fbe1

SHA256
fb796ea1d7c377fa8e3630ceb0b10479a738ef23bdaa6fde5c980c04c6e5d027

SHA512
e851486624fc1df056f88b229fe6f5129a1bb5218d374ff65b93178b246e610a1f5d065cf6e379c37c21fb0f8f47d75f7d80802c0d94a777149197bdd89f498b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\AjarSystem.exe

Filesize
87KB

MD5
39952a00847a65cb5b192c28e81445ee

SHA1
e650da31ee60842483a37c7b761b5372add7fbe1

SHA256
fb796ea1d7c377fa8e3630ceb0b10479a738ef23bdaa6fde5c980c04c6e5d027

SHA512
e851486624fc1df056f88b229fe6f5129a1bb5218d374ff65b93178b246e610a1f5d065cf6e379c37c21fb0f8f47d75f7d80802c0d94a777149197bdd89f498b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\AjarSystem.exe

Filesize
87KB

MD5
39952a00847a65cb5b192c28e81445ee

SHA1
e650da31ee60842483a37c7b761b5372add7fbe1

SHA256
fb796ea1d7c377fa8e3630ceb0b10479a738ef23bdaa6fde5c980c04c6e5d027

SHA512
e851486624fc1df056f88b229fe6f5129a1bb5218d374ff65b93178b246e610a1f5d065cf6e379c37c21fb0f8f47d75f7d80802c0d94a777149197bdd89f498b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sound.exe

Filesize
359KB

MD5
7bfc8ab77270809d4ab9932ddee9086a

SHA1
8461ed3470bd8d71cb2c5375c9bb3a77c5787cbc

SHA256
b8f43fc7ac936cac21fe4ee2046e3fecdc69e503994fb8ca4fd26282c075e3ea

SHA512
9a2a9a9a61b221730924e10a969d3489d0de49029b6d5a199bdd9eaf3a43ccf897537f98ed72655a06be54ea18c9a8dcbf8bf8d1656cc433b4d8dee9aad852d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sound.exe

Filesize
359KB

MD5
7bfc8ab77270809d4ab9932ddee9086a

SHA1
8461ed3470bd8d71cb2c5375c9bb3a77c5787cbc

SHA256
b8f43fc7ac936cac21fe4ee2046e3fecdc69e503994fb8ca4fd26282c075e3ea

SHA512
9a2a9a9a61b221730924e10a969d3489d0de49029b6d5a199bdd9eaf3a43ccf897537f98ed72655a06be54ea18c9a8dcbf8bf8d1656cc433b4d8dee9aad852d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\diskdestroyer.exe

Filesize
87KB

MD5
c41817af1c8343debfad342ac6502ab8

SHA1
af79a175cadecee91e1299ba737874337d9dd590

SHA256
abf949f60c1a2f377b534f8cca248a274a30455905fc3d2f5859b05bd2ab5c3d

SHA512
d45a292f389fcc4ac746516746c566ffc24f948ada370b0806c1df92b3ff1050a8b68efd5554a5db6164d28e46d8816649e24785b8a0dc8c3f5ce118d54b51c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\diskdestroyer.exe

Filesize
87KB

MD5
c41817af1c8343debfad342ac6502ab8

SHA1
af79a175cadecee91e1299ba737874337d9dd590

SHA256
abf949f60c1a2f377b534f8cca248a274a30455905fc3d2f5859b05bd2ab5c3d

SHA512
d45a292f389fcc4ac746516746c566ffc24f948ada370b0806c1df92b3ff1050a8b68efd5554a5db6164d28e46d8816649e24785b8a0dc8c3f5ce118d54b51c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\error.exe

Filesize
48KB

MD5
4a62a62dbde30e8489771c68a72d46d7

SHA1
e9a2659468f9f326b2821edfc84bbe22d6dde64e

SHA256
30f79f9e19e590b6fa4caf9a492b748cbffbffa96b763323228e3a420e0ae163

SHA512
d8221d1de1fa01afa6830e74944d69e39f0249fdfd9211e3806ac484fb93862fc5d04049472c18fb80afadf95439c953e0f3602c5f162b61871627cf47f6b6f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\error.exe

Filesize
48KB

MD5
4a62a62dbde30e8489771c68a72d46d7

SHA1
e9a2659468f9f326b2821edfc84bbe22d6dde64e

SHA256
30f79f9e19e590b6fa4caf9a492b748cbffbffa96b763323228e3a420e0ae163

SHA512
d8221d1de1fa01afa6830e74944d69e39f0249fdfd9211e3806ac484fb93862fc5d04049472c18fb80afadf95439c953e0f3602c5f162b61871627cf47f6b6f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\red.exe

Filesize
50KB

MD5
1a1bff7d50b030c8fef04cf3690ea9db

SHA1
76e45523c9630af83f0be68e5ca2fd3b2e2201c6

SHA256
ebb449f07966c7d638dfe56b349706a1e7b38bafc0ba419625223cb7f91f3031

SHA512
8a87cab8669fdc21c98973aea068951c1d6b70996298e29ce3f49e90aac5ad99b25ffa42623a630cc3255cafc73fd4f8f61029d3af7de5554c2e21c6e3994859

Download Submit
C:\Users\Admin\AppData\Local\Temp\red.exe

Filesize
50KB

MD5
1a1bff7d50b030c8fef04cf3690ea9db

SHA1
76e45523c9630af83f0be68e5ca2fd3b2e2201c6

SHA256
ebb449f07966c7d638dfe56b349706a1e7b38bafc0ba419625223cb7f91f3031

SHA512
8a87cab8669fdc21c98973aea068951c1d6b70996298e29ce3f49e90aac5ad99b25ffa42623a630cc3255cafc73fd4f8f61029d3af7de5554c2e21c6e3994859

Download Submit
C:\Users\Admin\AppData\Local\Temp\snd.wav

Filesize
5.0MB

MD5
6ec4b2cf3c320af5ab766a0816560a50

SHA1
304138a303969f55de0e77bce78ff613ed4f708c

SHA256
fd9cf1cb662429674008ab18ab0e84ac62aa7daa8dca0efb5df66d0e2b862935

SHA512
8ddd3df7fb56349034e3cee289589e301dfd3ae312501994a08dc0d4139de0422f68c99c7efecc1da43831f78337a82e8a41580990dd531194691d5d74938be7

Download Submit
memory/2732-180-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/2732-187-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3040-181-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/3040-206-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-242-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-238-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-234-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-190-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-194-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-198-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-202-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-230-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-210-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-214-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-218-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-222-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3040-226-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/3396-184-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3396-179-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/3840-189-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/4432-188-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download