amadey | 93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

Analysis

max time kernel
146s
max time network
151s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
24-11-2023 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
Size

1.5MB
MD5

6866f4e7450d085b19ad1aa9adaca819
SHA1

4afc3a0de610f45dbf8eb83da2a16052c2a81b01
SHA256

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e
SHA512

4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8
SSDEEP

24576:NQIsq2Q2GOAO4fCCy7gtsICmEly/nDBRyqni3xbU4eWxDJ3YsXv6+tH9ZPz1:NQIsq2Q2GOAO4fCZ7YsL8/KqihAsxDJX

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.13

http://65.108.99.238

http://brodoyouevenlift.co.za

Attributes

strings_key
bda044f544861e32e95f5d49b3939bcc
url_paths
/yXNwKVfkS28Y/index.php

/g5ddWs/index.php

/pOVxaw24d/index.php

rc4.plain

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Executes dropped EXE 7 IoCs

Processes:

Utsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exe

pid process

4576 Utsysc.exe
1324 Utsysc.exe
904 Utsysc.exe
2556 Utsysc.exe
3812 Utsysc.exe
3748 Utsysc.exe
4940 Utsysc.exe

pid	process
4576	Utsysc.exe
1324	Utsysc.exe
904	Utsysc.exe
2556	Utsysc.exe
3812	Utsysc.exe
3748	Utsysc.exe
4940	Utsysc.exe

Suspicious use of SetThreadContext 4 IoCs

Processes:

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exeUtsysc.exeUtsysc.exeUtsysc.exe

description	pid	process	target process
PID 3184 set thread context of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 4576 set thread context of 1324	4576	Utsysc.exe	Utsysc.exe
PID 904 set thread context of 2556	904	Utsysc.exe	Utsysc.exe
PID 3812 set thread context of 4940	3812	Utsysc.exe	Utsysc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

3768 schtasks.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Utsysc.exe

pid process

3812 Utsysc.exe
3812 Utsysc.exe

pid	process
3768	schtasks.exe

pid	process
3812	Utsysc.exe
3812	Utsysc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exeUtsysc.exeUtsysc.exeUtsysc.exe

description	pid	process
Token: SeDebugPrivilege	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
Token: SeDebugPrivilege	4576	Utsysc.exe
Token: SeDebugPrivilege	904	Utsysc.exe
Token: SeDebugPrivilege	3812	Utsysc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

pid process

4368 93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

pid	process
4368	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

Suspicious use of WriteProcessMemory 49 IoCs

Processes:

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exeUtsysc.exeUtsysc.exeUtsysc.exeUtsysc.exe

description	pid	process	target process
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 3184 wrote to memory of 4368	3184	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 4368 wrote to memory of 4576	4368	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	Utsysc.exe
PID 4368 wrote to memory of 4576	4368	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	Utsysc.exe
PID 4368 wrote to memory of 4576	4368	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 4576 wrote to memory of 1324	4576	Utsysc.exe	Utsysc.exe
PID 1324 wrote to memory of 3768	1324	Utsysc.exe	schtasks.exe
PID 1324 wrote to memory of 3768	1324	Utsysc.exe	schtasks.exe
PID 1324 wrote to memory of 3768	1324	Utsysc.exe	schtasks.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 904 wrote to memory of 2556	904	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 3748	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 3748	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 3748	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe
PID 3812 wrote to memory of 4940	3812	Utsysc.exe	Utsysc.exe

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
"C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3184

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4368

C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
"C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4576

C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe" /F
5⤵
- Creates scheduled task(s)
PID:3768

C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:904

C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
2⤵
- Executes dropped EXE
PID:2556

C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3812

C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
2⤵
- Executes dropped EXE
PID:3748

C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe
2⤵
- Executes dropped EXE
PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Utsysc.exe.log

Filesize
927B

MD5
ffe7bf10728fcdc9cfc28d6c2320a6f8

SHA1
af407275e9830d40889da2e672d2e6af118c8cb8

SHA256
72653cc5191f40cf26bcabcb5e0e41e53f23463f725007f74da78e36f9ec1522

SHA512
766753516d36ef1065d29dd982e0b6ee4e84c0c17eb2b0a6ca056f6c8e2a908e53c169bbcb01ab8b9ba1be1463fdd4007398d964aed59de761c1a6213842776c

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\037ceed7fc\Utsysc.exe

Filesize
1.5MB

MD5
6866f4e7450d085b19ad1aa9adaca819

SHA1
4afc3a0de610f45dbf8eb83da2a16052c2a81b01

SHA256
93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e

SHA512
4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\534848907968

Filesize
72KB

MD5
02a07c8a09b461e599c035b138d7779a

SHA1
471cd33e36462438feabaea8efb43cbb55df35e7

SHA256
88d0acbff1086b9e89f7c758ceedf2246b7a3ebb6241628f83d3dbd2e8959071

SHA512
748bcc95caa3978577ab5fa05d6235e9a13130174949f3daab04fa6366e6fde2fa8d69e87239159713728eedd191fbe166c04b6e7166acbbe6fcfff73d706ca9

Download Submit
memory/904-61-0x0000000072550000-0x0000000072C3E000-memory.dmp

Filesize
6.9MB

Download
memory/904-54-0x0000000072550000-0x0000000072C3E000-memory.dmp

Filesize
6.9MB

Download
memory/904-55-0x0000000004AC0000-0x0000000004AD0000-memory.dmp

Filesize
64KB

Download
memory/1324-31-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/1324-51-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/1324-30-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/1324-29-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/1324-27-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2556-59-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2556-60-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2556-58-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3184-5-0x00000000052D0000-0x0000000005330000-memory.dmp

Filesize
384KB

Download
memory/3184-1-0x0000000073A10000-0x00000000740FE000-memory.dmp

Filesize
6.9MB

Download
memory/3184-2-0x0000000005250000-0x00000000052CA000-memory.dmp

Filesize
488KB

Download
memory/3184-3-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/3184-4-0x00000000051E0000-0x0000000005240000-memory.dmp

Filesize
384KB

Download
memory/3184-12-0x0000000073A10000-0x00000000740FE000-memory.dmp

Filesize
6.9MB

Download
memory/3184-0-0x0000000000870000-0x00000000009EA000-memory.dmp

Filesize
1.5MB

Download
memory/3184-7-0x00000000058D0000-0x0000000005DCE000-memory.dmp

Filesize
5.0MB

Download
memory/3184-6-0x0000000005330000-0x000000000537C000-memory.dmp

Filesize
304KB

Download
memory/3812-64-0x00000000055A0000-0x00000000055B0000-memory.dmp

Filesize
64KB

Download
memory/3812-71-0x0000000072550000-0x0000000072C3E000-memory.dmp

Filesize
6.9MB

Download
memory/3812-63-0x0000000072550000-0x0000000072C3E000-memory.dmp

Filesize
6.9MB

Download
memory/4368-21-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4368-10-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4368-11-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4368-13-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4368-8-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4576-28-0x0000000072320000-0x0000000072A0E000-memory.dmp

Filesize
6.9MB

Download
memory/4576-22-0x0000000072320000-0x0000000072A0E000-memory.dmp

Filesize
6.9MB

Download
memory/4576-23-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/4940-70-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4940-69-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4940-68-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download