amadey | bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2023 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d182c5cc932fdf30690e58b1c7e297de.exe
Size

778KB
MD5

d182c5cc932fdf30690e58b1c7e297de
SHA1

249540ccad900d3cc6c5b2ccc9447d5ca895879d
SHA256

bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68
SHA512

7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380
SSDEEP

12288:6bgEa19Hi8mgRp0rAj67YdHZhvWvMS8jTRaFxnn4wGTl:zPmy0rm1XvWvt8jTw/0T

Score

10^/10

amadey trojan

Malware Config

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

d182c5cc932fdf30690e58b1c7e297de.exeUtsysc.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	d182c5cc932fdf30690e58b1c7e297de.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	Utsysc.exe

Executes dropped EXE 9 IoCs

Processes:

Utsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exe

pid process

1872 Utsysc.exe
3368 Utsysc.exe
4292 Utsysc.exe
2008 Utsysc.exe
3012 Utsysc.exe
3952 Utsysc.exe
3872 Utsysc.exe
3996 Utsysc.exe
820 Utsysc.exe

pid	process
1872	Utsysc.exe
3368	Utsysc.exe
4292	Utsysc.exe
2008	Utsysc.exe
3012	Utsysc.exe
3952	Utsysc.exe
3872	Utsysc.exe
3996	Utsysc.exe
820	Utsysc.exe

Suspicious use of SetThreadContext 5 IoCs

Processes:

d182c5cc932fdf30690e58b1c7e297de.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exe

description	pid	process	target process
PID 4784 set thread context of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 1872 set thread context of 3368	1872	Utsysc.exe	Utsysc.exe
PID 4292 set thread context of 3012	4292	Utsysc.exe	Utsysc.exe
PID 3952 set thread context of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3996 set thread context of 820	3996	Utsysc.exe	Utsysc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

4760 schtasks.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Utsysc.exe

pid process

4292 Utsysc.exe
4292 Utsysc.exe

pid	process
4760	schtasks.exe

pid	process
4292	Utsysc.exe
4292	Utsysc.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

d182c5cc932fdf30690e58b1c7e297de.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exe

description	pid	process
Token: SeDebugPrivilege	4784	d182c5cc932fdf30690e58b1c7e297de.exe
Token: SeDebugPrivilege	1872	Utsysc.exe
Token: SeDebugPrivilege	4292	Utsysc.exe
Token: SeDebugPrivilege	3952	Utsysc.exe
Token: SeDebugPrivilege	3996	Utsysc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

d182c5cc932fdf30690e58b1c7e297de.exe

pid process

2884 d182c5cc932fdf30690e58b1c7e297de.exe

pid	process
2884	d182c5cc932fdf30690e58b1c7e297de.exe

Suspicious use of WriteProcessMemory 59 IoCs

Processes:

d182c5cc932fdf30690e58b1c7e297de.exed182c5cc932fdf30690e58b1c7e297de.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exe

description	pid	process	target process
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 4784 wrote to memory of 2884	4784	d182c5cc932fdf30690e58b1c7e297de.exe	d182c5cc932fdf30690e58b1c7e297de.exe
PID 2884 wrote to memory of 1872	2884	d182c5cc932fdf30690e58b1c7e297de.exe	Utsysc.exe
PID 2884 wrote to memory of 1872	2884	d182c5cc932fdf30690e58b1c7e297de.exe	Utsysc.exe
PID 2884 wrote to memory of 1872	2884	d182c5cc932fdf30690e58b1c7e297de.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 1872 wrote to memory of 3368	1872	Utsysc.exe	Utsysc.exe
PID 3368 wrote to memory of 4760	3368	Utsysc.exe	schtasks.exe
PID 3368 wrote to memory of 4760	3368	Utsysc.exe	schtasks.exe
PID 3368 wrote to memory of 4760	3368	Utsysc.exe	schtasks.exe
PID 4292 wrote to memory of 2008	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 2008	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 2008	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 4292 wrote to memory of 3012	4292	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3952 wrote to memory of 3872	3952	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe
PID 3996 wrote to memory of 820	3996	Utsysc.exe	Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\d182c5cc932fdf30690e58b1c7e297de.exe
"C:\Users\Admin\AppData\Local\Temp\d182c5cc932fdf30690e58b1c7e297de.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4784

C:\Users\Admin\AppData\Local\Temp\d182c5cc932fdf30690e58b1c7e297de.exe
C:\Users\Admin\AppData\Local\Temp\d182c5cc932fdf30690e58b1c7e297de.exe
2⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2884

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
"C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1872

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3368

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe" /F
5⤵
- Creates scheduled task(s)
PID:4760

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4292

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
2⤵
- Executes dropped EXE
PID:2008

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
2⤵
- Executes dropped EXE
PID:3012

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3952

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
2⤵
- Executes dropped EXE
PID:3872

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3996

C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
2⤵
- Executes dropped EXE
PID:820

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Utsysc.exe.log
Filesize
1KB

MD5
f7047b64aa01f9d80c7a5e177ce2485c

SHA1
bab6005f4a30f12ee36b9abf6bfdfaa5411bbff8

SHA256
807356d2424d2d04f51ebd56f926d4d5a8318bc947c76569a3b5ca2c2f279915

SHA512
a9af5ace72eb66a6156a5d8764031cdc46feefffabb6898651f91a5af7f3bcef645e63e8d01ed35f1105e824d6830f6fa97e70adda2d5b148ffaff5f54ca248f

Download Submit
C:\Users\Admin\AppData\Local\Temp\771604342093
Filesize
79KB

MD5
c31dee8919c580b49735a2a6764bb525

SHA1
4ef65fcbd8e556ebc3148d18685e9a3e3c4b0019

SHA256
3d5be4dbb594d7e8373bbf23712256b03ab6089088393c28d58a265d871decf0

SHA512
61b5c309715fd3439549043ce812f102aa73e055c4ca704cfecc757246341cfab08e0d0b89220533d4cc501697a1ce753e758ebeb9d4c8f75bbaacb25910a32d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3eb8f6b2\Utsysc.exe
Filesize
778KB

MD5
d182c5cc932fdf30690e58b1c7e297de

SHA1
249540ccad900d3cc6c5b2ccc9447d5ca895879d

SHA256
bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68

SHA512
7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380

Download Submit
memory/820-82-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/820-84-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/820-85-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/1872-38-0x0000000072B80000-0x0000000073330000-memory.dmp

Filesize
7.7MB

Download
memory/1872-31-0x0000000072B80000-0x0000000073330000-memory.dmp

Filesize
7.7MB

Download
memory/1872-32-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

Filesize
64KB

Download
memory/2884-16-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2884-13-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2884-30-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2884-14-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2884-11-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3012-57-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3012-56-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3012-55-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3368-59-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3368-39-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3368-40-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3368-37-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3368-36-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3872-68-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3872-66-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3872-65-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3952-61-0x0000000072BF0000-0x00000000733A0000-memory.dmp

Filesize
7.7MB

Download
memory/3952-67-0x0000000072BF0000-0x00000000733A0000-memory.dmp

Filesize
7.7MB

Download
memory/3952-62-0x0000000005550000-0x0000000005560000-memory.dmp

Filesize
64KB

Download
memory/3996-78-0x0000000072BF0000-0x00000000733A0000-memory.dmp

Filesize
7.7MB

Download
memory/3996-83-0x0000000072BF0000-0x00000000733A0000-memory.dmp

Filesize
7.7MB

Download
memory/3996-79-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/4292-51-0x0000000004E20000-0x0000000004E30000-memory.dmp

Filesize
64KB

Download
memory/4292-58-0x0000000072BF0000-0x00000000733A0000-memory.dmp

Filesize
7.7MB

Download
memory/4292-50-0x0000000072BF0000-0x00000000733A0000-memory.dmp

Filesize
7.7MB

Download
memory/4784-6-0x0000000005B80000-0x0000000005BE0000-memory.dmp

Filesize
384KB

Download
memory/4784-10-0x00000000063B0000-0x0000000006954000-memory.dmp

Filesize
5.6MB

Download
memory/4784-9-0x0000000005D90000-0x0000000005DF6000-memory.dmp

Filesize
408KB

Download
memory/4784-8-0x0000000005CF0000-0x0000000005D82000-memory.dmp

Filesize
584KB

Download
memory/4784-5-0x00000000059E0000-0x0000000005A40000-memory.dmp

Filesize
384KB

Download
memory/4784-15-0x0000000074840000-0x0000000074FF0000-memory.dmp

Filesize
7.7MB

Download
memory/4784-7-0x0000000005BE0000-0x0000000005C2C000-memory.dmp

Filesize
304KB

Download
memory/4784-4-0x0000000005960000-0x00000000059DA000-memory.dmp

Filesize
488KB

Download
memory/4784-3-0x00000000058E0000-0x0000000005958000-memory.dmp

Filesize
480KB

Download
memory/4784-1-0x0000000074840000-0x0000000074FF0000-memory.dmp

Filesize
7.7MB

Download
memory/4784-2-0x00000000058D0000-0x00000000058E0000-memory.dmp

Filesize
64KB

Download
memory/4784-0-0x0000000000E40000-0x0000000000F08000-memory.dmp

Filesize
800KB

Download