osiris | dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19

Resubmissions

13/09/2021, 07:53

210913-jqz1badce3 10

Analysis

max time kernel
151s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2024, 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
Size

1.2MB
MD5

46418f7453541b35f5962bc93588c8d4
SHA1

f6d57ef7add3039a956dd4a86f0efafb375d5eaf
SHA256

dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19
SHA512

cb7c7acc6496155f96f357be50ff789ab5bbe668f7624592f27cd9093914026848e476ea367ca6177e66f78f2c59300b78b9ac8092d5c2e0499069a21097620b
SSDEEP

12288:u+rq0yKJ7KZeBA4DVzlzEyn2QFqTjCAjkTnV/QH7OTzId2nfpN3fXx:FW0yreAkpzP/QCAjkTmbOwYRZB

Score

10^/10

osiris banker botnet

Malware Config

Signatures

Osiris
banker botnet osiris

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe

Executes dropped EXE 1 IoCs

pid	Process
908	GetX64BTIT.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
16	api.ipify.org
17	api.ipify.org

Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.

Proxy
T1090
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 1236	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	89
PID 1496 wrote to memory of 1236	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	89
PID 1496 wrote to memory of 908	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	90
PID 1496 wrote to memory of 908	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	90
PID 1496 wrote to memory of 3476	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	76
PID 1496 wrote to memory of 4916	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	77
PID 1496 wrote to memory of 4452	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	78
PID 1496 wrote to memory of 4260	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	79
PID 1496 wrote to memory of 2012	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	80
PID 1496 wrote to memory of 5016	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	82
PID 1496 wrote to memory of 4492	1496	dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe	83
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99
PID 3476 wrote to memory of 4424	3476	msedge.exe	99

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2f0,0x7ff89b692e98,0x7ff89b692ea4,0x7ff89b692eb0
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2688 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2984 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2852 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=5400 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5416 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2984 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4200

C:\Users\Admin\AppData\Local\Temp\dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe
"C:\Users\Admin\AppData\Local\Temp\dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1496
- C:\windows\hh.exe
  "C:\windows\hh.exe"
  2⤵
  PID:1236
- C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
  "C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
  2⤵
  - Executes dropped EXE
  PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b381995a86335a5f812466e15c319ce7

SHA1
794d476a5d7a5dae6f67f2f991aa7bffc2dd03ea

SHA256
3bfac0271ffaf29bff14c91b186b3b465e1cb9c74ef6d35c7a25d8ce3db58f05

SHA512
9a8d12321bdb27f941b49d84758915efbe5c830cf9760639d14be13d26220092e69500df58af2822ed1a966802060235b2c47adef8c4aeb426ba57e78518d280

Download Submit
C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

Filesize
3KB

MD5
b4cd27f2b37665f51eb9fe685ec1d373

SHA1
7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

SHA256
91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

SHA512
e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\x64btit.txt

Filesize
28B

MD5
6c94c70d0ee669959a7a9c8507d3bdf4

SHA1
1e7bc51745f134e8b208238bb7ac68bd3fbd760d

SHA256
013f9dfd9288cef03e09c2585918559bb3090525bc6cf88e8a8a71017dde9aa3

SHA512
6566229ce37c769de5449204ba0afc98b6089dfac690ae29298a032dbe77abe2d6babd7bb3f0ec79af6bcb131d04f3b04f3fc3f31838efce8e61f5d28d19b72d

Download Submit
memory/1496-18-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-26-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-7-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-8-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-5-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-14-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/1496-4-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-16-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-17-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-0-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1496-20-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1496-21-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-25-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-6-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-29-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-48-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-52-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-3-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-60-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-62-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-2-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/1496-1-0x0000000002950000-0x0000000002A32000-memory.dmp

Filesize
904KB

Download
memory/1496-75-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-78-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-80-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download
memory/1496-83-0x0000000003520000-0x00000000035BF000-memory.dmp

Filesize
636KB

Download