512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
03-09-2023 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Size

6.2MB
MD5

80dabac06dea10909912c454ab3f755d
SHA1

ac898a9aa1e5884e15efdcc30ce652df5995fbe5
SHA256

512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6
SHA512

7094173ab103e24f4ff98a5ce619ba6dae0c25e91709b31ad5ae58e36a9cb8009a8f06827df31d045da6e114e89aac541c4df035e00701f867d3085c88d965d0
SSDEEP

196608:v/WZu0t+eD17aCyMWY5GV2oUZ0bqb9zO6c3u:Wt6CXGVTUZ5w6c3

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2976	ÔÆÓÎºÏ»÷(¹ý°×).exe
3032	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

UPX packed file 35 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2988-0-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2988-1749-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2988-8699-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2988-8702-0x0000000000280000-0x0000000000288000-memory.dmp	upx
behavioral1/memory/2988-8704-0x00000000001E0000-0x00000000001EB000-memory.dmp	upx
behavioral1/memory/2988-8703-0x00000000003E0000-0x00000000003EB000-memory.dmp	upx
behavioral1/memory/2988-8700-0x0000000000270000-0x000000000027B000-memory.dmp	upx
behavioral1/memory/2988-8708-0x00000000003F0000-0x00000000003FB000-memory.dmp	upx
behavioral1/memory/2988-8709-0x0000000001670000-0x0000000001678000-memory.dmp	upx
behavioral1/files/0x000100000000002d-8717.dat	upx
behavioral1/memory/2988-8719-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2988-8720-0x00000000001E0000-0x00000000001EB000-memory.dmp	upx
behavioral1/memory/2308-8721-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2308-10548-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2308-17421-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2308-17423-0x00000000002E0000-0x00000000002EB000-memory.dmp	upx
behavioral1/memory/2308-17425-0x0000000002D20000-0x0000000002D28000-memory.dmp	upx
behavioral1/memory/2308-17427-0x0000000002D80000-0x0000000002D8B000-memory.dmp	upx
behavioral1/memory/2308-17428-0x0000000002D90000-0x0000000002D9B000-memory.dmp	upx
behavioral1/memory/2308-17429-0x00000000002F0000-0x00000000002FB000-memory.dmp	upx
behavioral1/memory/2308-17430-0x0000000002DA0000-0x0000000002DA8000-memory.dmp	upx
behavioral1/files/0x000100000000002d-17439.dat	upx
behavioral1/memory/2308-17441-0x0000000005DD0000-0x0000000005DE0000-memory.dmp	upx
behavioral1/files/0x000100000000002e-17449.dat	upx
behavioral1/files/0x000100000000002e-17446.dat	upx
behavioral1/memory/2976-17453-0x0000000000400000-0x0000000001115000-memory.dmp	upx
behavioral1/files/0x000100000000002e-17454.dat	upx
behavioral1/memory/2976-17459-0x0000000000400000-0x0000000001115000-memory.dmp	upx
behavioral1/files/0x000100000000002d-17461.dat	upx
behavioral1/memory/3032-17462-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2308-17463-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2308-17498-0x0000000000400000-0x00000000014F7000-memory.dmp	upx
behavioral1/memory/2308-17499-0x0000000002DA0000-0x0000000002DA8000-memory.dmp	upx
behavioral1/memory/2308-17501-0x0000000002D80000-0x0000000002D8B000-memory.dmp	upx
behavioral1/memory/3032-17503-0x0000000000400000-0x00000000014F7000-memory.dmp	upx

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ÔÆÓÎºÏ»÷(¹ý°×).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ÔÆÓÎºÏ»÷(¹ý°×).exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	ÔÆÓÎºÏ»÷(¹ý°×).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	ÔÆÓÎºÏ»÷(¹ý°×).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	ÔÆÓÎºÏ»÷(¹ý°×).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	ÔÆÓÎºÏ»÷(¹ý°×).exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
Token: SeDebugPrivilege	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2308	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	30
PID 2988 wrote to memory of 2308	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	30
PID 2988 wrote to memory of 2308	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	30
PID 2988 wrote to memory of 2308	2988	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	30
PID 2308 wrote to memory of 2976	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	32
PID 2308 wrote to memory of 2976	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	32
PID 2308 wrote to memory of 2976	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	32
PID 2308 wrote to memory of 2976	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	32
PID 2308 wrote to memory of 3032	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	34
PID 2308 wrote to memory of 3032	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	34
PID 2308 wrote to memory of 3032	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	34
PID 2308 wrote to memory of 3032	2308	512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe	34

C:\Users\Admin\AppData\Local\Temp\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
"C:\Users\Admin\AppData\Local\Temp\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988
- F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
  "F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2308
- - F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\ÔÆÓÎºÏ»÷(¹ý°×).exe
    "F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\ÔÆÓÎºÏ»÷(¹ý°×).exe"
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:2976
- - F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
    F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe
    3⤵
    - Executes dropped EXE
    PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Filesize
6.2MB

MD5
80dabac06dea10909912c454ab3f755d

SHA1
ac898a9aa1e5884e15efdcc30ce652df5995fbe5

SHA256
512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6

SHA512
7094173ab103e24f4ff98a5ce619ba6dae0c25e91709b31ad5ae58e36a9cb8009a8f06827df31d045da6e114e89aac541c4df035e00701f867d3085c88d965d0

Download Submit
F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Filesize
6.2MB

MD5
80dabac06dea10909912c454ab3f755d

SHA1
ac898a9aa1e5884e15efdcc30ce652df5995fbe5

SHA256
512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6

SHA512
7094173ab103e24f4ff98a5ce619ba6dae0c25e91709b31ad5ae58e36a9cb8009a8f06827df31d045da6e114e89aac541c4df035e00701f867d3085c88d965d0

Download Submit
F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6.exe

Filesize
6.2MB

MD5
80dabac06dea10909912c454ab3f755d

SHA1
ac898a9aa1e5884e15efdcc30ce652df5995fbe5

SHA256
512b01428d7b64b349c54f3249ef77e523b722499fa44cb0e395e0eb80c037b6

SHA512
7094173ab103e24f4ff98a5ce619ba6dae0c25e91709b31ad5ae58e36a9cb8009a8f06827df31d045da6e114e89aac541c4df035e00701f867d3085c88d965d0

Download Submit
F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\ÔÆÓÎºÏ»÷(¹ý°×).exe

Filesize
5.7MB

MD5
262e798cb2edfa94f06611d29a3719e9

SHA1
50d8564bc05c39225e78f6890db3bd1fb1cec66c

SHA256
5510c863dbd2011b222955258a2a3a0ac005d75857c5a358f5f4ea2892f3d25c

SHA512
af350c652097322532e83754354d52a5d0fadc9e7e185c95897f9133fea8fa01a5b0f643216c8f8ea4190997461aedf72e458aeb4ce01bbc3ecc064bf6eec23c

Download Submit
F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\ÔÆÓÎºÏ»÷(¹ý°×).exe

Filesize
5.7MB

MD5
262e798cb2edfa94f06611d29a3719e9

SHA1
50d8564bc05c39225e78f6890db3bd1fb1cec66c

SHA256
5510c863dbd2011b222955258a2a3a0ac005d75857c5a358f5f4ea2892f3d25c

SHA512
af350c652097322532e83754354d52a5d0fadc9e7e185c95897f9133fea8fa01a5b0f643216c8f8ea4190997461aedf72e458aeb4ce01bbc3ecc064bf6eec23c

Download Submit
F:\ÔÆÓÎºÏ»÷(Î¢¶Ë)\ÔÆÓÎºÏ»÷(¹ý°×).exe

Filesize
5.7MB

MD5
262e798cb2edfa94f06611d29a3719e9

SHA1
50d8564bc05c39225e78f6890db3bd1fb1cec66c

SHA256
5510c863dbd2011b222955258a2a3a0ac005d75857c5a358f5f4ea2892f3d25c

SHA512
af350c652097322532e83754354d52a5d0fadc9e7e185c95897f9133fea8fa01a5b0f643216c8f8ea4190997461aedf72e458aeb4ce01bbc3ecc064bf6eec23c

Download Submit
memory/2308-17428-0x0000000002D90000-0x0000000002D9B000-memory.dmp

Filesize
44KB

Download
memory/2308-17430-0x0000000002DA0000-0x0000000002DA8000-memory.dmp

Filesize
32KB

Download
memory/2308-8721-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2308-10548-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2308-17463-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2308-11271-0x0000000002FA0000-0x0000000003121000-memory.dmp

Filesize
1.5MB

Download
memory/2308-17451-0x000000000AA00000-0x000000000B715000-memory.dmp

Filesize
13.1MB

Download
memory/2308-17450-0x000000000AA00000-0x000000000B715000-memory.dmp

Filesize
13.1MB

Download
memory/2308-17498-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2308-17499-0x0000000002DA0000-0x0000000002DA8000-memory.dmp

Filesize
32KB

Download
memory/2308-17441-0x0000000005DD0000-0x0000000005DE0000-memory.dmp

Filesize
64KB

Download
memory/2308-17501-0x0000000002D80000-0x0000000002D8B000-memory.dmp

Filesize
44KB

Download
memory/2308-17431-0x0000000002E40000-0x0000000002E47000-memory.dmp

Filesize
28KB

Download
memory/2308-17412-0x0000000003250000-0x0000000003361000-memory.dmp

Filesize
1.1MB

Download
memory/2308-17429-0x00000000002F0000-0x00000000002FB000-memory.dmp

Filesize
44KB

Download
memory/2308-17500-0x0000000002E40000-0x0000000002E47000-memory.dmp

Filesize
28KB

Download
memory/2308-17427-0x0000000002D80000-0x0000000002D8B000-memory.dmp

Filesize
44KB

Download
memory/2308-17426-0x0000000002D30000-0x0000000002D37000-memory.dmp

Filesize
28KB

Download
memory/2308-17425-0x0000000002D20000-0x0000000002D28000-memory.dmp

Filesize
32KB

Download
memory/2308-17423-0x00000000002E0000-0x00000000002EB000-memory.dmp

Filesize
44KB

Download
memory/2308-17421-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2976-17459-0x0000000000400000-0x0000000001115000-memory.dmp

Filesize
13.1MB

Download
memory/2976-17453-0x0000000000400000-0x0000000001115000-memory.dmp

Filesize
13.1MB

Download
memory/2976-17456-0x0000000003AA0000-0x0000000003B57000-memory.dmp

Filesize
732KB

Download
memory/2976-17457-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2988-846-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-854-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-872-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-1749-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2988-2549-0x0000000003150000-0x00000000032D1000-memory.dmp

Filesize
1.5MB

Download
memory/2988-8691-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-8699-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2988-8702-0x0000000000280000-0x0000000000288000-memory.dmp

Filesize
32KB

Download
memory/2988-8704-0x00000000001E0000-0x00000000001EB000-memory.dmp

Filesize
44KB

Download
memory/2988-8703-0x00000000003E0000-0x00000000003EB000-memory.dmp

Filesize
44KB

Download
memory/2988-8700-0x0000000000270000-0x000000000027B000-memory.dmp

Filesize
44KB

Download
memory/2988-8705-0x0000000000290000-0x0000000000297000-memory.dmp

Filesize
28KB

Download
memory/2988-8708-0x00000000003F0000-0x00000000003FB000-memory.dmp

Filesize
44KB

Download
memory/2988-8709-0x0000000001670000-0x0000000001678000-memory.dmp

Filesize
32KB

Download
memory/2988-8710-0x0000000001680000-0x0000000001687000-memory.dmp

Filesize
28KB

Download
memory/2988-868-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-8718-0x00000000076E0000-0x00000000087D7000-memory.dmp

Filesize
17.0MB

Download
memory/2988-8719-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2988-8720-0x00000000001E0000-0x00000000001EB000-memory.dmp

Filesize
44KB

Download
memory/2988-866-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-864-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-862-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-860-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-858-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-856-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-870-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-852-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-850-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-848-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-0-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/2988-844-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-842-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-840-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-838-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-836-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-834-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-832-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-830-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-828-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-824-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-826-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-822-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-820-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-818-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-1-0x00000000762C0000-0x0000000076307000-memory.dmp

Filesize
284KB

Download
memory/2988-816-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-814-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-812-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/2988-811-0x00000000032E0000-0x00000000033F1000-memory.dmp

Filesize
1.1MB

Download
memory/3032-17462-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download
memory/3032-17503-0x0000000000400000-0x00000000014F7000-memory.dmp

Filesize
17.0MB

Download