amadey | 07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd

Analysis

max time kernel
293s
max time network
264s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
Size

1.8MB
MD5

380f9cd5bc70636263493427881a3245
SHA1

db5a263cf4a3b9a545dec182a707398ec804fc54
SHA256

07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd
SHA512

657b001969caabc745729963dc86ed33e5de965bbba27e15655fc9257ae59445bfd3e2caa45cbe38d6f8f5264a0c65b6c7ec4ee41731e4f958f92098f3e74f47
SSDEEP

49152:HFHbujLoAHkzLPVefM9/bfLMRSxmmp0LvBwnoRSC:AjLbHkzbtkttSoH

Score

10^/10

amadey risepro 0e6740 49e482 evasion persistence stealer trojan

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

0e6740

http://147.45.47.155

Attributes

install_dir
9217037dc9
install_file
explortu.exe
strings_key
8e894a8a4a3d0da8924003a561cfb244
url_paths
/ku4Nor9/index.php

rc4.plain

Extracted

Family

amadey

Version

4.21

Botnet

49e482

http://147.45.47.70

Attributes

install_dir
1b29d73536
install_file
axplont.exe
strings_key
4d31dd1a190d9879c21fac6d87dc0043
url_paths
/tr8nomy/index.php

rc4.plain

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 6 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	axplont.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	6d3d40f24d.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	explortu.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	explortu.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	93ac2b86cd.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 12 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	explortu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	93ac2b86cd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	6d3d40f24d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	explortu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	explortu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	93ac2b86cd.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	axplont.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	axplont.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	6d3d40f24d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	explortu.exe

Executes dropped EXE 5 IoCs

pid	Process
2436	explortu.exe
1236	explortu.exe
1852	93ac2b86cd.exe
2220	axplont.exe
2872	6d3d40f24d.exe

Identifies Wine through registry keys 2 TTPs 6 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine	93ac2b86cd.exe
Key opened	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine	axplont.exe
Key opened	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine	6d3d40f24d.exe
Key opened	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
Key opened	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine	explortu.exe
Key opened	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine	explortu.exe

Loads dropped DLL 6 IoCs

pid	Process
2400	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
2436	explortu.exe
2436	explortu.exe
1852	93ac2b86cd.exe
2436	explortu.exe
2436	explortu.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\6d3d40f24d.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000005001\\6d3d40f24d.exe"	explortu.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

pid	Process
2400	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
2436	explortu.exe
1236	explortu.exe
1852	93ac2b86cd.exe
2220	axplont.exe
2872	6d3d40f24d.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2436 set thread context of 1236	2436	explortu.exe	29

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\explortu.job	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
File created	C:\Windows\Tasks\axplont.job	93ac2b86cd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2400	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
2436	explortu.exe
1236	explortu.exe
1852	93ac2b86cd.exe
2220	axplont.exe
2872	6d3d40f24d.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2400	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
1852	93ac2b86cd.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2436	2400	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe	28
PID 2400 wrote to memory of 2436	2400	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe	28
PID 2400 wrote to memory of 2436	2400	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe	28
PID 2400 wrote to memory of 2436	2400	07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe	28
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1236	2436	explortu.exe	29
PID 2436 wrote to memory of 1852	2436	explortu.exe	31
PID 2436 wrote to memory of 1852	2436	explortu.exe	31
PID 2436 wrote to memory of 1852	2436	explortu.exe	31
PID 2436 wrote to memory of 1852	2436	explortu.exe	31
PID 1852 wrote to memory of 2220	1852	93ac2b86cd.exe	32
PID 1852 wrote to memory of 2220	1852	93ac2b86cd.exe	32
PID 1852 wrote to memory of 2220	1852	93ac2b86cd.exe	32
PID 1852 wrote to memory of 2220	1852	93ac2b86cd.exe	32
PID 2436 wrote to memory of 2872	2436	explortu.exe	34
PID 2436 wrote to memory of 2872	2436	explortu.exe	34
PID 2436 wrote to memory of 2872	2436	explortu.exe	34
PID 2436 wrote to memory of 2872	2436	explortu.exe	34

C:\Users\Admin\AppData\Local\Temp\07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe
"C:\Users\Admin\AppData\Local\Temp\07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe
  "C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Identifies Wine through registry keys
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe
    "C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    PID:1236
- - C:\Users\Admin\1000004002\93ac2b86cd.exe
    "C:\Users\Admin\1000004002\93ac2b86cd.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Loads dropped DLL
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
      "C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Identifies Wine through registry keys
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      PID:2220
- - C:\Users\Admin\AppData\Local\Temp\1000005001\6d3d40f24d.exe
    "C:\Users\Admin\AppData\Local\Temp\1000005001\6d3d40f24d.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\1000004002\93ac2b86cd.exe

Filesize
1.8MB

MD5
f55d40b74d38f0fcea654437183a7b1e

SHA1
200a9623c12df8470efaac73d85a45927c2b3fad

SHA256
d107ed3dadd9d5544a569bd16e0c9eecee52f4f136e1def03c06de46267b4bec

SHA512
385d804bdf040336e5d6862487fd3f07bb2c6c1590ef743f45b2ddef40ccf5b1d84f9389ae5f7114eef38b9d89fbb8de3197760dc4e920ff662717c8d16d9e06

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000005001\6d3d40f24d.exe

Filesize
2.3MB

MD5
cd1dfa093d37dff12f11f8c1c06d565e

SHA1
d70536c72f489edce93bc0df04e21a905348a817

SHA256
438974434c65fe40fac3a8e076a01fa432be38325ab8b455476f5f4a446b88a5

SHA512
50c1f108821c9fe944a6fe6de7d09dd6f87dcfe3627f76bbc76d124f129acc120db7f1e79ae49ab092e85dccbc21e69abd0999205a3bcca08047a038e5332168

Download Submit
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe

Filesize
1.8MB

MD5
380f9cd5bc70636263493427881a3245

SHA1
db5a263cf4a3b9a545dec182a707398ec804fc54

SHA256
07424eb74c4a1b95cb8b3440f9359efc9fe97d9c8d7ef3ce7f8fec8848806ddd

SHA512
657b001969caabc745729963dc86ed33e5de965bbba27e15655fc9257ae59445bfd3e2caa45cbe38d6f8f5264a0c65b6c7ec4ee41731e4f958f92098f3e74f47

Download Submit
memory/1236-50-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-71-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-51-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-54-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-58-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-61-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-64-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-47-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-33-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-25-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-44-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-39-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-28-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-29-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-30-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-31-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-32-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-48-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-35-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-43-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/1236-42-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-46-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-45-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-67-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-72-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-49-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-69-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-68-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-66-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-65-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-63-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-62-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-60-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-59-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-57-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-56-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-55-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-53-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-70-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-52-0x0000000000400000-0x00000000009DB000-memory.dmp

Filesize
5.9MB

Download
memory/1236-37-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1852-87-0x00000000011D0000-0x0000000001698000-memory.dmp

Filesize
4.8MB

Download
memory/1852-98-0x00000000011D0000-0x0000000001698000-memory.dmp

Filesize
4.8MB

Download
memory/2220-101-0x0000000000F80000-0x0000000001448000-memory.dmp

Filesize
4.8MB

Download
memory/2220-125-0x0000000000F80000-0x0000000001448000-memory.dmp

Filesize
4.8MB

Download
memory/2220-131-0x0000000000F80000-0x0000000001448000-memory.dmp

Filesize
4.8MB

Download
memory/2220-132-0x0000000000F80000-0x0000000001448000-memory.dmp

Filesize
4.8MB

Download
memory/2220-137-0x0000000000F80000-0x0000000001448000-memory.dmp

Filesize
4.8MB

Download
memory/2220-140-0x0000000000F80000-0x0000000001448000-memory.dmp

Filesize
4.8MB

Download
memory/2220-143-0x0000000000F80000-0x0000000001448000-memory.dmp

Filesize
4.8MB

Download
memory/2220-146-0x0000000000F80000-0x0000000001448000-memory.dmp

Filesize
4.8MB

Download
memory/2400-5-0x0000000000140000-0x0000000000604000-memory.dmp

Filesize
4.8MB

Download
memory/2400-1-0x0000000077C50000-0x0000000077C52000-memory.dmp

Filesize
8KB

Download
memory/2400-2-0x0000000000141000-0x000000000016F000-memory.dmp

Filesize
184KB

Download
memory/2400-3-0x0000000000140000-0x0000000000604000-memory.dmp

Filesize
4.8MB

Download
memory/2400-15-0x0000000000140000-0x0000000000604000-memory.dmp

Filesize
4.8MB

Download
memory/2400-17-0x0000000006D60000-0x0000000007224000-memory.dmp

Filesize
4.8MB

Download
memory/2400-0-0x0000000000140000-0x0000000000604000-memory.dmp

Filesize
4.8MB

Download
memory/2436-129-0x0000000006AE0000-0x0000000006FA8000-memory.dmp

Filesize
4.8MB

Download
memory/2436-134-0x0000000006AE0000-0x00000000070DA000-memory.dmp

Filesize
6.0MB

Download
memory/2436-123-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-86-0x0000000006AE0000-0x0000000006FA8000-memory.dmp

Filesize
4.8MB

Download
memory/2436-121-0x0000000006AE0000-0x00000000070DA000-memory.dmp

Filesize
6.0MB

Download
memory/2436-120-0x0000000006AE0000-0x00000000070DA000-memory.dmp

Filesize
6.0MB

Download
memory/2436-21-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-124-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-126-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-127-0x0000000009EB0000-0x000000000A374000-memory.dmp

Filesize
4.8MB

Download
memory/2436-27-0x0000000009EB0000-0x000000000A374000-memory.dmp

Filesize
4.8MB

Download
memory/2436-145-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-130-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-19-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-18-0x00000000012F1000-0x000000000131F000-memory.dmp

Filesize
184KB

Download
memory/2436-118-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-26-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-135-0x0000000006AE0000-0x00000000070DA000-memory.dmp

Filesize
6.0MB

Download
memory/2436-136-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-16-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-142-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-139-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2436-100-0x00000000012F0000-0x00000000017B4000-memory.dmp

Filesize
4.8MB

Download
memory/2872-141-0x0000000000EF0000-0x00000000014EA000-memory.dmp

Filesize
6.0MB

Download
memory/2872-138-0x0000000000EF0000-0x00000000014EA000-memory.dmp

Filesize
6.0MB

Download
memory/2872-133-0x0000000000EF0000-0x00000000014EA000-memory.dmp

Filesize
6.0MB

Download
memory/2872-144-0x0000000000EF0000-0x00000000014EA000-memory.dmp

Filesize
6.0MB

Download
memory/2872-128-0x0000000000EF0000-0x00000000014EA000-memory.dmp

Filesize
6.0MB

Download
memory/2872-122-0x0000000000EF0000-0x00000000014EA000-memory.dmp

Filesize
6.0MB

Download