cryptbot | 57fd9194f07f05c74a6cc39978fbcc9e68eac67779d047de5df8afa19e567064

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
Size

4.4MB
MD5

e8dc2f1287e54db1661563f05ebd1535
SHA1

14d2a586dab1c48197d3298f648d82d507ebe28a
SHA256

57fd9194f07f05c74a6cc39978fbcc9e68eac67779d047de5df8afa19e567064
SHA512

c59d33501a5f65066a22d38a3133a530e17d765c32b1487eaba605b275d480b72a870b80ef1ac2a83a8fca71a70a6ae549497f9e796034a4e26947ade6417693
SSDEEP

98304:5v/TdEIfWt/9rGvP3Ia5BTT+mky9RK7NIOCttTYZ9:5DdEH1rGvPpBGu944Q9

Score

10^/10

cryptbot discovery evasion spyware stealer

Malware Config

Extracted

Family

cryptbot

otteppp11.top

doorres03.top

Signatures

CryptBot
A C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot

CryptBot payload 16 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2840-24-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-235-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-239-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-240-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-244-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-255-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-258-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-261-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-264-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-267-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-270-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-272-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-278-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-280-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-284-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot
behavioral2/memory/2840-286-0x00000000000C0000-0x00000000005E4000-memory.dmp	family_cryptbot

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exehuheaaoysui.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ huheaaoysui.exe
Blocklisted process makes network request 3 IoCs

Processes:

WScript.exe

flow pid process

14 2044 WScript.exe
16 2044 WScript.exe
18 2044 WScript.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	huheaaoysui.exe

flow	pid	process
14	2044	WScript.exe
16	2044	WScript.exe
18	2044	WScript.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

huheaaoysui.exee8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	huheaaoysui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	huheaaoysui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.execmd.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 1 IoCs

Processes:

huheaaoysui.exe

pid process

2840 huheaaoysui.exe

pid	process
2840	huheaaoysui.exe

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exehuheaaoysui.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Wine	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Wine	huheaaoysui.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

46 bitbucket.org
47 bitbucket.org
49 bitbucket.org
13 iplogger.org
14 iplogger.org
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

44 ip-api.com
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exehuheaaoysui.exe

pid process

4216 e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
2840 huheaaoysui.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
46	bitbucket.org
47	bitbucket.org
49	bitbucket.org
13	iplogger.org
14	iplogger.org

flow	ioc
44	ip-api.com

pid	process
4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
2840	huheaaoysui.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exehuheaaoysui.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	huheaaoysui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	huheaaoysui.exe

Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings cmd.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exehuheaaoysui.exe

pid process

4216 e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
4216 e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
2840 huheaaoysui.exe
2840 huheaaoysui.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

huheaaoysui.exe

pid process

2840 huheaaoysui.exe
2840 huheaaoysui.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	cmd.exe

pid	process
4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
2840	huheaaoysui.exe
2840	huheaaoysui.exe

pid	process
2840	huheaaoysui.exe
2840	huheaaoysui.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.execmd.execmd.exe

description	pid	process	target process
PID 4216 wrote to memory of 5056	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 5056	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 5056	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 5056 wrote to memory of 2044	5056	cmd.exe	WScript.exe
PID 5056 wrote to memory of 2044	5056	cmd.exe	WScript.exe
PID 5056 wrote to memory of 2044	5056	cmd.exe	WScript.exe
PID 4216 wrote to memory of 4792	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 4792	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 4792	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4792 wrote to memory of 2840	4792	cmd.exe	huheaaoysui.exe
PID 4792 wrote to memory of 2840	4792	cmd.exe	huheaaoysui.exe
PID 4792 wrote to memory of 2840	4792	cmd.exe	huheaaoysui.exe
PID 4216 wrote to memory of 824	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 824	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 824	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 4648	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 4648	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe
PID 4216 wrote to memory of 4648	4216	e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e8dc2f1287e54db1661563f05ebd1535_JaffaCakes118.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4216

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\fykmplg.vbs"
2⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5056

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fykmplg.vbs"
3⤵
- Blocklisted process makes network request
PID:2044

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\huheaaoysui.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:4792

C:\Users\Admin\AppData\Local\Temp\huheaaoysui.exe
"C:\Users\Admin\AppData\Local\Temp\huheaaoysui.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:2840

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\ythhgjmuoo.exe"
2⤵
PID:824

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\jvixemhwksfo.exe"
2⤵
PID:4648

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c6LNSWxZhbbG\_Files\_Information.txt
Filesize
4KB

MD5
e2a639fa5eada80d09e93a1eb88407fa

SHA1
55f971dd4b9aaf3e8f8d93ee3a85ba177d971274

SHA256
ae1e4f8ce11d5fde88c2c70c7e679e6a4807e399ad5d5c27c38e31205cd2a8d5

SHA512
b1a90c72fb9fdd445129b395e1f06b35d50d2b5c488ab5eba38dae7a3f01fbc0a368e070b5515705c513afba53c59a3cc1cd05b122892df37f86062800668255

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6LNSWxZhbbG\_Files\_Screen_Desktop.jpeg
Filesize
46KB

MD5
905158869f408fbe4bbe10bdf7b2cf32

SHA1
a6445087797548190e1bbcad909d9217b756850b

SHA256
7f0e72b23918cf35a17cf03658445509581f8c64b53fc641822ce1d486b8a3ba

SHA512
5639d94b0f3d3e3da834859332a2967d5c352d2cbb0afbe3f61d25a69278c325eea3dbf29d6eeb0631b879f430db624e61862198349678140af606e5affbcc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6LNSWxZhbbG\cmUdFIJQWAJHmw.zip
Filesize
40KB

MD5
ef5dbad7ad3298f25a86a3567e759353

SHA1
f3a1475e996c96b1f120c403b500a33d61d41a67

SHA256
3dc99545b4c3b5983590dd6e4ae323370f8069445d9912e09914bc1a5ab39b1f

SHA512
f0409ab03393a979f8da02c7459799abd7667339864108d6946295141ad3a083d9506137361fb215a54d715e5e6f3e98633e8791d1cbc8ea21492ef2beb0ce38

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6LNSWxZhbbG\files_\system_info.txt
Filesize
676B

MD5
cdc692f4d77be6b7e74deb408683c99a

SHA1
d983852c43bce30fd7a14f349428c8d58f98137e

SHA256
464ef111738b03f1248375fdb4e4ad99c6a5e566c9199e227664e9c02a232d91

SHA512
3c98b2933edec2caa0aa459b0a203c2a95823480c524f2284b1513fc34573f7df054e8e7b5db8f1a7f4ec0fd9a8752257684d5f2553573b7720a077d94818a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6LNSWxZhbbG\files_\system_info.txt
Filesize
1KB

MD5
0da6a07f8799225fc2aaf8e4f28e4230

SHA1
2c117bf3690250e06417e773d8538d320ac2a828

SHA256
9f6196a20eb101710c92191f12691c152b0043480a5b579544c9bd7d1cf10fce

SHA512
4c7aba2451527c56213547683613861b726e355439e741fc1e680b5334aabb60cb3ae1950da70068fecc0c88206818400ae254682b054c7a6977b19470b73a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6LNSWxZhbbG\files_\system_info.txt
Filesize
7KB

MD5
31e4058982431e40f7df7af53413604b

SHA1
0f4d1fe6578b282719031b734e2e453d11eaa7d1

SHA256
4ea6e244b5c230597f6bdcb4a05f9e254fbe65bd4f452a3c7b94cf3041feb0fc

SHA512
f9a45e5cea73b977bb41b2bc721b6f381060b333d4a3d37848a9e83543f2f0712120b70c024dfc36a2618d1a8e2d60c2675ba25f96c3facc8a746882e5be10f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6LNSWxZhbbG\hlRqQMLKdgiia.zip
Filesize
40KB

MD5
551c69cfe5b5c406245381666642fb21

SHA1
d4a17bd3e18fefebda71f66207a3357064ee1d48

SHA256
e55b2d8ae04da37bc572b0fe92e0184db259144850fa28b91233eb5c2c7ffd7c

SHA512
b5c5f32b7c1e35b042b9136258fe558c7eb6453d0cf77f7aa75fd9d3e07e5fea5cf73693caec7abfcbd21dd9e45e3dad6c79e68753b192674689244344b5ffc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\fykmplg.vbs
Filesize
139B

MD5
ad62ebb5a0491621a89223ddfcef18b7

SHA1
c13ce9e23ad1b733deec809111d1096cb8a107dc

SHA256
bcef1c83663a4be52519f324198484a53a7a998b91bf7a2903d0cca338857710

SHA512
f4350083548c07d761ae4ca8e7c0940855410851ebedaacaac4de9444218101a3fc9f9914e50e7ebfed7f1893003323fc1a2e7f24304035719bf114d3309df6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\huheaaoysui.exe
Filesize
2.2MB

MD5
5328b7379d636a677406363321cf566a

SHA1
ad8a0ec5442ed0e607cf95bc163be3e9b9a0fb4c

SHA256
560e45cf3ad6e3e922aa5509f52717a605fe65867222b3c878e49e2fff78fcf7

SHA512
9d73183e9e18c4c39531b37f9a810da60d40b61524ef2afdbaf3feed55d2a7ed626d6d69d42e0f9e4bc2f5bd167481b32d6bb5b8811972be2a546f26a188daab

Download Submit
memory/2840-21-0x0000000004BC0000-0x0000000004BC1000-memory.dmp

Filesize
4KB

Download
memory/2840-239-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-286-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-23-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

Filesize
4KB

Download
memory/2840-24-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-25-0x0000000004BA0000-0x0000000004BA1000-memory.dmp

Filesize
4KB

Download
memory/2840-26-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

Filesize
4KB

Download
memory/2840-27-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2840-28-0x0000000004C00000-0x0000000004C01000-memory.dmp

Filesize
4KB

Download
memory/2840-29-0x0000000004C10000-0x0000000004C11000-memory.dmp

Filesize
4KB

Download
memory/2840-20-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-284-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-280-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-278-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-272-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-270-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-235-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-267-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-264-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-22-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/2840-240-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-261-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-258-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-244-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/2840-255-0x00000000000C0000-0x00000000005E4000-memory.dmp

Filesize
5.1MB

Download
memory/4216-252-0x0000000000590000-0x0000000000D1D000-memory.dmp

Filesize
7.6MB

Download
memory/4216-242-0x0000000000590000-0x0000000000D1D000-memory.dmp

Filesize
7.6MB

Download
memory/4216-2-0x0000000000590000-0x0000000000D1D000-memory.dmp

Filesize
7.6MB

Download
memory/4216-237-0x0000000000590000-0x0000000000D1D000-memory.dmp

Filesize
7.6MB

Download
memory/4216-236-0x0000000000590000-0x0000000000D1D000-memory.dmp

Filesize
7.6MB

Download
memory/4216-233-0x0000000000590000-0x0000000000D1D000-memory.dmp

Filesize
7.6MB

Download
memory/4216-4-0x0000000004F60000-0x0000000004F61000-memory.dmp

Filesize
4KB

Download
memory/4216-5-0x0000000004F70000-0x0000000004F71000-memory.dmp

Filesize
4KB

Download
memory/4216-3-0x0000000004F50000-0x0000000004F51000-memory.dmp

Filesize
4KB

Download
memory/4216-1-0x0000000077574000-0x0000000077576000-memory.dmp

Filesize
8KB

Download
memory/4216-6-0x0000000004F40000-0x0000000004F41000-memory.dmp

Filesize
4KB

Download
memory/4216-0-0x0000000000590000-0x0000000000D1D000-memory.dmp

Filesize
7.6MB

Download