shurk | 914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e

Analysis

max time kernel
150s
max time network
132s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
Size

9.8MB
MD5

764647736f890ef13f918079dc9d72cf
SHA1

1709f276759093323650d98d724124f9906adb05
SHA256

914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e
SHA512

f766939786f1ee13a7e8fd04eaec0c4371f1ca100610c3bf224578cb25070aed7b93cd187bf6e4c89113de996bd97ee054714fa7f43bb2ff3cc281fb20293f97
SSDEEP

196608:t9++KYyCBPgEdqiz0UKq3GaXcaK4PotqSOpsgymzgqae6WMr:kY9PgOlzLKq2GcP44ON2e6n

Score

10^/10

shurk bootkit discovery evasion infostealer persistence ransomware upx

Malware Config

Signatures

Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk

Disables RegEdit via registry modification 2 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\Disableregistrytools = "1"	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "D:\\\\www.ini"	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00080000000120ff-45.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00080000000120ff-45.dat	upx
behavioral1/memory/2092-48-0x0000000074300000-0x000000007433C000-memory.dmp	upx
behavioral1/memory/2092-54-0x0000000074300000-0x000000007433C000-memory.dmp	upx
behavioral1/memory/2092-74-0x0000000074300000-0x000000007433C000-memory.dmp	upx
behavioral1/memory/2092-77-0x0000000074300000-0x000000007433C000-memory.dmp	upx
behavioral1/memory/2092-80-0x0000000074300000-0x000000007433C000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\physicaldrive0	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\Wallpaper = "c:\\1.jpg"	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WallpaperStyle = "2"	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\TileWallpaper = "2"	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2408	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	30
PID 2092 wrote to memory of 2408	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	30
PID 2092 wrote to memory of 2408	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	30
PID 2092 wrote to memory of 2408	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	30
PID 2092 wrote to memory of 648	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	32
PID 2092 wrote to memory of 648	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	32
PID 2092 wrote to memory of 648	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	32
PID 2092 wrote to memory of 648	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	32
PID 2092 wrote to memory of 2452	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	34
PID 2092 wrote to memory of 2452	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	34
PID 2092 wrote to memory of 2452	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	34
PID 2092 wrote to memory of 2452	2092	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe	34

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching = "1"	914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe

C:\Users\Admin\AppData\Local\Temp\914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
"C:\Users\Admin\AppData\Local\Temp\914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe"
1⤵
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2092
- C:\Windows\SysWOW64\reg.exe
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f
  2⤵
  - Disables RegEdit via registry modification
  - System Location Discovery: System Language Discovery
  PID:2408
- C:\Windows\SysWOW64\regini.exe
  regini www.ini
  2⤵
  PID:648
- C:\Windows\SysWOW64\regini.exe
  regini www.ini
  2⤵
  PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ExtraDll.dll

Filesize
97KB

MD5
c35425ad1f0c32225d307310deccc335

SHA1
b2e347b244e40ffa113dffaffd1895777e3ac30a

SHA256
48773d597155dc39dd172c26867972da89dd61fcee0d138433eda26a2d8633b7

SHA512
47b6a7447fcc4f9f21018f608fcbdb5650f16cbd869cae5d4ed5d9b88ca1e944de1cac10e9a252aa7b210f1a31456c0ed91728b8a7e24def99d7e3f9683e2bae

Download Submit
memory/2092-6-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2092-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2092-33-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2092-10-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2092-20-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2092-30-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2092-28-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2092-25-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2092-23-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2092-18-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2092-15-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2092-13-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2092-8-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2092-0-0x00000000006E7000-0x0000000000BBC000-memory.dmp

Filesize
4.8MB

Download
memory/2092-80-0x0000000074300000-0x000000007433C000-memory.dmp

Filesize
240KB

Download
memory/2092-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2092-41-0x0000000000400000-0x0000000000E05000-memory.dmp

Filesize
10.0MB

Download
memory/2092-43-0x0000000000400000-0x0000000000E05000-memory.dmp

Filesize
10.0MB

Download
memory/2092-40-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2092-38-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2092-36-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2092-35-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2092-5-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2092-48-0x0000000074300000-0x000000007433C000-memory.dmp

Filesize
240KB

Download
memory/2092-50-0x00000000006E7000-0x0000000000BBC000-memory.dmp

Filesize
4.8MB

Download
memory/2092-51-0x0000000000400000-0x0000000000E05000-memory.dmp

Filesize
10.0MB

Download
memory/2092-54-0x0000000074300000-0x000000007433C000-memory.dmp

Filesize
240KB

Download
memory/2092-74-0x0000000074300000-0x000000007433C000-memory.dmp

Filesize
240KB

Download
memory/2092-77-0x0000000074300000-0x000000007433C000-memory.dmp

Filesize
240KB

Download
memory/2092-31-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download