bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 03:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ed76e28db12ac8bd2a0f1659b2d9e29a.exe
Size

5.5MB
MD5

ed76e28db12ac8bd2a0f1659b2d9e29a
SHA1

b179d7aafb3bc8a9bf0e59bb5dd989bedd92818c
SHA256

bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf
SHA512

950c8000edcdab4ab941151dbf8e1112f92591a6b67be241d7746d5be48579d695952a46beab2c0c458c2c86e85de7cff110d451322fb5ce3139f2e5538a60f1
SSDEEP

98304:vYj/yTZFk1J+TpnFZ5rgtk16tg4S8S4r350hG4Jujy18U/44M8b1Cm2urASeaHun:v4/yTZq1JCdFZ5+kgSU3mhGkdL4u1CmG

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Utsysc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Utsysc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ed76e28db12ac8bd2a0f1659b2d9e29a.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Utsysc.exe

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Utsysc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Utsysc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Utsysc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Utsysc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ed76e28db12ac8bd2a0f1659b2d9e29a.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ed76e28db12ac8bd2a0f1659b2d9e29a.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Utsysc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Utsysc.exe

Executes dropped EXE 4 IoCs

pid	Process
2640	Utsysc.exe
1020	Utsysc.exe
1544	Utsysc.exe
2584	Utsysc.exe

Loads dropped DLL 2 IoCs

pid	Process
2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe
2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe

Themida packer 25 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2380-0-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-3-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-32-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-52-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-53-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-54-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-55-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-56-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-57-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2380-58-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/files/0x00080000000120bd-63.dat	themida
behavioral1/files/0x00080000000120bd-64.dat	themida
behavioral1/files/0x00080000000120bd-65.dat	themida
behavioral1/files/0x00080000000120bd-70.dat	themida
behavioral1/memory/2380-69-0x00000000013B0000-0x0000000002247000-memory.dmp	themida
behavioral1/memory/2640-76-0x0000000000860000-0x00000000016F7000-memory.dmp	themida
behavioral1/memory/2640-80-0x0000000000860000-0x00000000016F7000-memory.dmp	themida
behavioral1/files/0x00080000000120bd-139.dat	themida
behavioral1/files/0x00080000000120bd-140.dat	themida
behavioral1/memory/1020-142-0x0000000000860000-0x00000000016F7000-memory.dmp	themida
behavioral1/memory/1020-147-0x0000000000860000-0x00000000016F7000-memory.dmp	themida
behavioral1/memory/2640-180-0x0000000000860000-0x00000000016F7000-memory.dmp	themida
behavioral1/memory/1020-203-0x0000000000860000-0x00000000016F7000-memory.dmp	themida
behavioral1/files/0x00080000000120bd-217.dat	themida
behavioral1/files/0x00080000000120bd-313.dat	themida

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Utsysc.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Utsysc.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Utsysc.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ed76e28db12ac8bd2a0f1659b2d9e29a.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe
2640	Utsysc.exe
1020	Utsysc.exe
1544	Utsysc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2124	schtasks.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe
2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe
2640	Utsysc.exe
2640	Utsysc.exe
1020	Utsysc.exe
1020	Utsysc.exe
1544	Utsysc.exe
1544	Utsysc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2640	2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe	28
PID 2380 wrote to memory of 2640	2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe	28
PID 2380 wrote to memory of 2640	2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe	28
PID 2380 wrote to memory of 2640	2380	ed76e28db12ac8bd2a0f1659b2d9e29a.exe	28
PID 2640 wrote to memory of 2124	2640	Utsysc.exe	29
PID 2640 wrote to memory of 2124	2640	Utsysc.exe	29
PID 2640 wrote to memory of 2124	2640	Utsysc.exe	29
PID 2640 wrote to memory of 2124	2640	Utsysc.exe	29
PID 1492 wrote to memory of 1020	1492	taskeng.exe	34
PID 1492 wrote to memory of 1020	1492	taskeng.exe	34
PID 1492 wrote to memory of 1020	1492	taskeng.exe	34
PID 1492 wrote to memory of 1020	1492	taskeng.exe	34
PID 1492 wrote to memory of 1544	1492	taskeng.exe	37
PID 1492 wrote to memory of 1544	1492	taskeng.exe	37
PID 1492 wrote to memory of 1544	1492	taskeng.exe	37
PID 1492 wrote to memory of 1544	1492	taskeng.exe	37
PID 1492 wrote to memory of 2584	1492	taskeng.exe	38
PID 1492 wrote to memory of 2584	1492	taskeng.exe	38
PID 1492 wrote to memory of 2584	1492	taskeng.exe	38
PID 1492 wrote to memory of 2584	1492	taskeng.exe	38

C:\Users\Admin\AppData\Local\Temp\ed76e28db12ac8bd2a0f1659b2d9e29a.exe
"C:\Users\Admin\AppData\Local\Temp\ed76e28db12ac8bd2a0f1659b2d9e29a.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
  "C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:2124

C:\Windows\system32\taskeng.exe
taskeng.exe {03484A9A-DEB8-44AE-B0A4-5A8182DE8738} S-1-5-21-3618187007-3650799920-3290345941-1000:BPDFUYWR\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
  C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
  C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
  C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
  2⤵
  - Executes dropped EXE
  PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.5MB

MD5
ed76e28db12ac8bd2a0f1659b2d9e29a

SHA1
b179d7aafb3bc8a9bf0e59bb5dd989bedd92818c

SHA256
bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf

SHA512
950c8000edcdab4ab941151dbf8e1112f92591a6b67be241d7746d5be48579d695952a46beab2c0c458c2c86e85de7cff110d451322fb5ce3139f2e5538a60f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.5MB

MD5
ed76e28db12ac8bd2a0f1659b2d9e29a

SHA1
b179d7aafb3bc8a9bf0e59bb5dd989bedd92818c

SHA256
bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf

SHA512
950c8000edcdab4ab941151dbf8e1112f92591a6b67be241d7746d5be48579d695952a46beab2c0c458c2c86e85de7cff110d451322fb5ce3139f2e5538a60f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.5MB

MD5
ed76e28db12ac8bd2a0f1659b2d9e29a

SHA1
b179d7aafb3bc8a9bf0e59bb5dd989bedd92818c

SHA256
bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf

SHA512
950c8000edcdab4ab941151dbf8e1112f92591a6b67be241d7746d5be48579d695952a46beab2c0c458c2c86e85de7cff110d451322fb5ce3139f2e5538a60f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
1.7MB

MD5
468fd865d5f4f63c16995106440edae0

SHA1
865cc8919bb192ea230749ac23ab77f00d4c618d

SHA256
a85e0b255ff83a6d13b28e91066f7ea68ac7336184620320e0132f08f068fc26

SHA512
ce4d46d358c7f6b26b04929cd84a9f71f74e40965151322319ed5cd228ad9eb613f75d751dd39dfe64f38f9ba3648ef04149f4f5f5808ace67a96a2134f5d2f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.5MB

MD5
ed76e28db12ac8bd2a0f1659b2d9e29a

SHA1
b179d7aafb3bc8a9bf0e59bb5dd989bedd92818c

SHA256
bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf

SHA512
950c8000edcdab4ab941151dbf8e1112f92591a6b67be241d7746d5be48579d695952a46beab2c0c458c2c86e85de7cff110d451322fb5ce3139f2e5538a60f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.5MB

MD5
ed76e28db12ac8bd2a0f1659b2d9e29a

SHA1
b179d7aafb3bc8a9bf0e59bb5dd989bedd92818c

SHA256
bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf

SHA512
950c8000edcdab4ab941151dbf8e1112f92591a6b67be241d7746d5be48579d695952a46beab2c0c458c2c86e85de7cff110d451322fb5ce3139f2e5538a60f1

Download Submit
\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.5MB

MD5
ed76e28db12ac8bd2a0f1659b2d9e29a

SHA1
b179d7aafb3bc8a9bf0e59bb5dd989bedd92818c

SHA256
bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf

SHA512
950c8000edcdab4ab941151dbf8e1112f92591a6b67be241d7746d5be48579d695952a46beab2c0c458c2c86e85de7cff110d451322fb5ce3139f2e5538a60f1

Download Submit
\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.5MB

MD5
ed76e28db12ac8bd2a0f1659b2d9e29a

SHA1
b179d7aafb3bc8a9bf0e59bb5dd989bedd92818c

SHA256
bfc5144d4350c7295d7749470264d1eba81647ecb3ad060fd5d1b829653e04bf

SHA512
950c8000edcdab4ab941151dbf8e1112f92591a6b67be241d7746d5be48579d695952a46beab2c0c458c2c86e85de7cff110d451322fb5ce3139f2e5538a60f1

Download Submit
memory/1020-190-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-181-0x0000000077300000-0x0000000077347000-memory.dmp

Filesize
284KB

Download
memory/1020-192-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-191-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-196-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-188-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-187-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-185-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-183-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-194-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-182-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-147-0x0000000000860000-0x00000000016F7000-memory.dmp

Filesize
14.6MB

Download
memory/1020-142-0x0000000000860000-0x00000000016F7000-memory.dmp

Filesize
14.6MB

Download
memory/1020-197-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-199-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-202-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/1020-203-0x0000000000860000-0x00000000016F7000-memory.dmp

Filesize
14.6MB

Download
memory/1020-204-0x0000000077300000-0x0000000077347000-memory.dmp

Filesize
284KB

Download
memory/2380-46-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-32-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-49-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-50-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-51-0x0000000077810000-0x0000000077812000-memory.dmp

Filesize
8KB

Download
memory/2380-52-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-53-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-54-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-55-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-56-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-57-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-58-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-47-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-0-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-45-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-44-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-71-0x0000000004D50000-0x0000000005BE7000-memory.dmp

Filesize
14.6MB

Download
memory/2380-72-0x0000000004D50000-0x0000000005BE7000-memory.dmp

Filesize
14.6MB

Download
memory/2380-69-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-74-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-75-0x0000000077300000-0x0000000077347000-memory.dmp

Filesize
284KB

Download
memory/2380-1-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2380-4-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2380-3-0x00000000013B0000-0x0000000002247000-memory.dmp

Filesize
14.6MB

Download
memory/2380-6-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2380-7-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2380-9-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2380-11-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2380-14-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2380-16-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2380-19-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2380-21-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2380-24-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2380-26-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2380-29-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2380-31-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2380-48-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-38-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-39-0x0000000077300000-0x0000000077347000-memory.dmp

Filesize
284KB

Download
memory/2380-40-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-41-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-42-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2380-43-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-116-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-115-0x0000000077300000-0x0000000077347000-memory.dmp

Filesize
284KB

Download
memory/2640-130-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-128-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-131-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-126-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-125-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-124-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-123-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-180-0x0000000000860000-0x00000000016F7000-memory.dmp

Filesize
14.6MB

Download
memory/2640-122-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-121-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-120-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-118-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-119-0x0000000077300000-0x0000000077347000-memory.dmp

Filesize
284KB

Download
memory/2640-117-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-129-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-114-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-127-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-95-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2640-92-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2640-87-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2640-90-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2640-85-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2640-79-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/2640-82-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/2640-205-0x0000000077300000-0x0000000077347000-memory.dmp

Filesize
284KB

Download
memory/2640-206-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-208-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-209-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-210-0x00000000758E0000-0x00000000759F0000-memory.dmp

Filesize
1.1MB

Download
memory/2640-80-0x0000000000860000-0x00000000016F7000-memory.dmp

Filesize
14.6MB

Download
memory/2640-76-0x0000000000860000-0x00000000016F7000-memory.dmp

Filesize
14.6MB

Download