asyncrat | hxxps://gofile[.]io/d/HX7SsO

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
18-06-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/HX7SsO

Score

10^/10

asyncrat evasion rat spyware stealer themida trojan

Malware Config

Extracted

Family

asyncrat

Version

AWS | 3Losh

Mutex

AsyncMutex_xGhost

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/TQctdga7

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\svchost.exe	family_asyncrat

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Hackus.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Hackus.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Hackus.exe

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe	net_reactor
behavioral1/memory/3880-159-0x00000260ACC10000-0x00000260ACEB4000-memory.dmp	net_reactor

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Hackus.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Hackus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Hackus.exe

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Hackus.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation Hackus.exe
Executes dropped EXE 3 IoCs

Processes:

Hackus.exesvchost.exeHackus .exe

pid process

832 Hackus.exe
4436 svchost.exe
3880 Hackus .exe
Loads dropped DLL 1 IoCs

Processes:

Hackus .exe

pid process

3880 Hackus .exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Hackus.exe

pid	process
832	Hackus.exe
4436	svchost.exe
3880	Hackus .exe

pid	process
3880	Hackus .exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe	themida
behavioral1/memory/832-138-0x0000000000840000-0x0000000001314000-memory.dmp	themida
behavioral1/memory/832-139-0x0000000000840000-0x0000000001314000-memory.dmp	themida
behavioral1/memory/832-157-0x0000000000840000-0x0000000001314000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Hackus.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Hackus.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

113 pastebin.com
114 pastebin.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Hackus.exe

pid process

832 Hackus.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

svchost.exe

pid process

4436 svchost.exe
4436 svchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Hackus.exe

flow	ioc
113	pastebin.com
114	pastebin.com

pid	process
832	Hackus.exe

pid	process
4436	svchost.exe
4436	svchost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

7zG.exeHackus .exesvchost.exe

description	pid	process
Token: SeRestorePrivilege	2932	7zG.exe
Token: 35	2932	7zG.exe
Token: SeSecurityPrivilege	2932	7zG.exe
Token: SeSecurityPrivilege	2932	7zG.exe
Token: SeDebugPrivilege	3880	Hackus .exe
Token: SeDebugPrivilege	4436	svchost.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

7zG.exeHackus .exe

pid process

2932 7zG.exe
3880 Hackus .exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

svchost.exe

pid process

4436 svchost.exe

pid	process
2932	7zG.exe
3880	Hackus .exe

pid	process
4436	svchost.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

Hackus.exe

description	pid	process	target process
PID 832 wrote to memory of 4436	832	Hackus.exe	svchost.exe
PID 832 wrote to memory of 4436	832	Hackus.exe	svchost.exe
PID 832 wrote to memory of 4436	832	Hackus.exe	svchost.exe
PID 832 wrote to memory of 3880	832	Hackus.exe	Hackus .exe
PID 832 wrote to memory of 3880	832	Hackus.exe	Hackus .exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/HX7SsO
1⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4456,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1
1⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4920,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:1
1⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4396,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
1⤵
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5328,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
1⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5372,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
1⤵
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5884,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:1
1⤵
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6068,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:8
1⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5492,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:1
1⤵
PID:1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6352,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:1
1⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=6384,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:8
1⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6332,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:1
1⤵
PID:320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6008,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:8
1⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7036,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:8
1⤵
PID:4924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1736

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HackUs Mail Access Checker\" -spe -an -ai#7zMap9571:114:7zEvent17915
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6736,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
1⤵
PID:2648

C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe
"C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:832

C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4436

C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe
"C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3880

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\svchost.exe
Filesize
63KB

MD5
bef2a9e896a294424b518230bf249dd7

SHA1
c5cfc5211f818b74aa7672b949874a9d97f8f4fa

SHA256
ee36d61358dc3fbbbb52ccc625671c0215d6866bed336addc8f992920a72dbb2

SHA512
d35342931d87f4a36fa7052b2d7239c2ae17804892af410f951e5d3841d0ce85e705da602114fabf3acb8be20adc7c48bfc0c11034fec7e305a8e30046983082

Download Submit
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\.hackus\Settings.cfg
Filesize
3KB

MD5
064d08b598637a6d1b78bd8a7fa3f123

SHA1
12fa5221930171ca6cfc96b463ea13959f7a4c24

SHA256
bb3e83cba399f2b1724c053dd45ee6dc56baf392cd5c98e542e8d652d3bb1702

SHA512
57646bff7ab4b4c69e926fa1cebcac144cb14744dab0d19c5213faad7453f8b30110fcad32e922dc4799c6bfda0c1ba2a9d7f44c3ee5212852d74148f4928cb9

Download Submit
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe
Filesize
2.6MB

MD5
b98582a96f3d102a3d45e7ed1111268b

SHA1
b1f4886d90acf2ab70477a043dea8b668a7494bc

SHA256
fb5518b93f5a75c4ddb033a5a1e8189d2e8177c863c8b86c0adbb2de90a928a3

SHA512
51530cbd2a90a0687203132ea5e8a40c7dd0ff3275e1183020ebd60707a360f66106eaf1856716f64d24ff06b0fd2ad1e29f12019e7d68bf00dc9cbe3a7afc1b

Download Submit
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe
Filesize
5.3MB

MD5
1998fe239ab28012be9514a004852d99

SHA1
11fdc989f6bf8ec3ba72280dd6882f787258f7aa

SHA256
83547c253dfb4a352d2fdfab37f1f5c88cbd1ec6905f9885322e1df4d15b1de6

SHA512
90f28f6535febc44e118a22111ce9902dfb32af53f9100c15349df42a48c3aee0850d025f254ce60a7c866e02ceb897f7e1ee6a67cd9b69995b2e052c43293bd

Download Submit
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\HandyControl.dll
Filesize
1.7MB

MD5
1ffa7237d695541158de09ef6a3fe74f

SHA1
d46c42d47302bec68b0f42969f7b1bb4a9504d2f

SHA256
9569eda5c0af677733b29fd3247d48651a5604f21e8aa03ad0fe3508d9609ba0

SHA512
176bd9478ec75cbe4f26ecfbc0717bdaa69148c5b38a8b14b9ea8477505ec56b982350c07acebe0aae9235dc313b0b64391737d9442ee397546eb3aceeeeb305

Download Submit
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\MailBee.NET.dll
Filesize
1.7MB

MD5
6dde77d756621d00016945736760f717

SHA1
7094f0dea1b4c4bfd7f840b63b704dfc9bdd079f

SHA256
81632ee251474cb656dce412181e9f68f426ba20f3a0c4120c868a0cf05cd6d0

SHA512
e3389201e9d198be6304b79559d9d5d457cb33c74b441afb7ecafe4aaafb3cb0d583cd4ab8a5eb6045cd934d2c2a4007f6d1474beb5584585fcaae0060f4b813

Download Submit
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Newtonsoft.Json.dll
Filesize
679KB

MD5
99f75ea1a4a5a0206d4be30827ca87bc

SHA1
73e6aba5d4a8be5eb82eca5b5faa2594fbae3bde

SHA256
99592e8b144529d5e0acc40028758643ae475bcacdeb5288c1a1a3c0502e0453

SHA512
c3e64c3556f58b171ac6528a448fe44f22946177580cf29b01115783e7cba0037517b40e4a32c948da623cb447038eb713f9cd0617f27f7a5873488b297b4fe3

Download Submit
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\x64\GoSrp.dll
Filesize
2.6MB

MD5
8f5f6ee061242d609bd05b48479d887a

SHA1
0005089c13ba90f2d150a6e117bf463a6e28af54

SHA256
6b7778f1c17b1a2d48970bdec81f1f1436066c662222ffa8200dee7c3fe610c2

SHA512
f4eda39b2bf9fe358cabb31e5f839e12704598505c16d6dd26550a5d1fa05775d34bc0ce6f631f4e3db95072630b60968cbe59d146055f87d197c9153dcdb1aa

Download Submit
memory/832-138-0x0000000000840000-0x0000000001314000-memory.dmp

Filesize
10.8MB

Download
memory/832-130-0x0000000075A10000-0x0000000075B00000-memory.dmp

Filesize
960KB

Download
memory/832-132-0x0000000075A10000-0x0000000075B00000-memory.dmp

Filesize
960KB

Download
memory/832-139-0x0000000000840000-0x0000000001314000-memory.dmp

Filesize
10.8MB

Download
memory/832-140-0x0000000005D60000-0x0000000005DFC000-memory.dmp

Filesize
624KB

Download
memory/832-134-0x0000000075A10000-0x0000000075B00000-memory.dmp

Filesize
960KB

Download
memory/832-133-0x0000000075A10000-0x0000000075B00000-memory.dmp

Filesize
960KB

Download
memory/832-126-0x0000000000840000-0x0000000001314000-memory.dmp

Filesize
10.8MB

Download
memory/832-157-0x0000000000840000-0x0000000001314000-memory.dmp

Filesize
10.8MB

Download
memory/832-158-0x0000000075A10000-0x0000000075B00000-memory.dmp

Filesize
960KB

Download
memory/832-127-0x0000000075A30000-0x0000000075A31000-memory.dmp

Filesize
4KB

Download
memory/832-128-0x0000000075A10000-0x0000000075B00000-memory.dmp

Filesize
960KB

Download
memory/832-131-0x0000000075A10000-0x0000000075B00000-memory.dmp

Filesize
960KB

Download
memory/832-129-0x0000000075A10000-0x0000000075B00000-memory.dmp

Filesize
960KB

Download
memory/3880-161-0x00000260C7660000-0x00000260C781C000-memory.dmp

Filesize
1.7MB

Download
memory/3880-179-0x00000260F1280000-0x00000260F1288000-memory.dmp

Filesize
32KB

Download
memory/3880-174-0x00000260C9A90000-0x00000260C9B40000-memory.dmp

Filesize
704KB

Download
memory/3880-159-0x00000260ACC10000-0x00000260ACEB4000-memory.dmp

Filesize
2.6MB

Download
memory/3880-169-0x00000260C9810000-0x00000260C99D2000-memory.dmp

Filesize
1.8MB

Download
memory/3880-170-0x00000260C99D0000-0x00000260C9A8A000-memory.dmp

Filesize
744KB

Download
memory/3880-162-0x00000260AEA20000-0x00000260AEA26000-memory.dmp

Filesize
24KB

Download
memory/3880-172-0x00000260C9C50000-0x00000260C9E06000-memory.dmp

Filesize
1.7MB

Download
memory/3880-183-0x0000000058AD0000-0x0000000058DC5000-memory.dmp

Filesize
3.0MB

Download
memory/3880-182-0x00000260F1E10000-0x00000260F1E18000-memory.dmp

Filesize
32KB

Download
memory/3880-181-0x00000260F1270000-0x00000260F127E000-memory.dmp

Filesize
56KB

Download
memory/3880-176-0x00000260C75C0000-0x00000260C75E2000-memory.dmp

Filesize
136KB

Download
memory/3880-180-0x00000260F1CF0000-0x00000260F1D28000-memory.dmp

Filesize
224KB

Download
memory/4436-164-0x00000000058B0000-0x0000000005942000-memory.dmp

Filesize
584KB

Download
memory/4436-152-0x0000000000570000-0x0000000000586000-memory.dmp

Filesize
88KB

Download
memory/4436-168-0x0000000006970000-0x00000000069D6000-memory.dmp

Filesize
408KB

Download
memory/4436-165-0x0000000005DA0000-0x0000000005DAA000-memory.dmp

Filesize
40KB

Download
memory/4436-163-0x0000000005DB0000-0x0000000006354000-memory.dmp

Filesize
5.6MB

Download