smokeloader | 91647ac947d5d5d3a0dc69e98070bfc2f9841d7839b579d69c524b02869a497f

Resubmissions

16-10-2020 05:49

201016-1g17p444t6 10

15-10-2020 18:27

201015-k8r5q4zt2a 10

Analysis

max time kernel
151s
max time network
145s
platform
windows7_x64
resource
win7v200722
submitted
15-10-2020 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bemaji.exe
Size

135KB
MD5

6cc41d1ccd61ccdb3857703f83959aca
SHA1

caf89ae09f7435dcef4e886b056d020ee34925cf
SHA256

91647ac947d5d5d3a0dc69e98070bfc2f9841d7839b579d69c524b02869a497f
SHA512

4adde26f8e13509a6ead86ebe23b7b45742e4dea5faf364b0559f0b5142b8faa2e8331e79528e60af1e290804e9ebbc29cba94833cede3e723b83b55fd7bcc8e

Score

10^/10

spyware trojan backdoor smokeloader

Malware Config

Extracted

Family

smokeloader

Version

2020

http://sm15sdsd.xyz/

rc4.i32

Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Executes dropped EXE 6 IoCs

Processes:

7B96.exe8086.exe8086.exensxd.exeeuehuo.exeeuehuo.exe

pid process

1584 7B96.exe
1640 8086.exe
1680 8086.exe
1460 nsxd.exe
1736 euehuo.exe
744 euehuo.exe
Deletes itself 1 IoCs

Processes:

pid process

1224
Loads dropped DLL 4 IoCs

Processes:

bemaji.exe8086.exe

pid process

1504 bemaji.exe
1640 8086.exe
1640 8086.exe
1640 8086.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Drops file in Windows directory 2 IoCs

Processes:

7B96.exe

description ioc process

File created C:\Windows\Tasks\nsxd.job 7B96.exe
File opened for modification C:\Windows\Tasks\nsxd.job 7B96.exe

pid	process
1584	7B96.exe
1640	8086.exe
1680	8086.exe
1460	nsxd.exe
1736	euehuo.exe
744	euehuo.exe

pid	process
1224

description	ioc	process
File created	C:\Windows\Tasks\nsxd.job	7B96.exe
File opened for modification	C:\Windows\Tasks\nsxd.job	7B96.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

bemaji.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	bemaji.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	bemaji.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	bemaji.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

1028 schtasks.exe

pid	process
1028	schtasks.exe

Suspicious behavior: EnumeratesProcesses 783 IoCs

Processes:

bemaji.exe

pid	process
1504	bemaji.exe
1504	bemaji.exe
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224

Suspicious behavior: MapViewOfSection 23 IoCs

Processes:

bemaji.exe

pid process

1504 bemaji.exe
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
1224
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

description pid process

Token: SeShutdownPrivilege 1224
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

pid process

1224
1224
1224
1224
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

pid process

1224
1224
1224
1224

description	pid	process
Token: SeShutdownPrivilege	1224

pid	process
1224
1224
1224
1224

pid	process
1224
1224
1224
1224

Suspicious use of WriteProcessMemory 79 IoCs

Processes:

8086.exetaskeng.exe

description	pid	process	target process
PID 1224 wrote to memory of 1584	1224		7B96.exe
PID 1224 wrote to memory of 1584	1224		7B96.exe
PID 1224 wrote to memory of 1584	1224		7B96.exe
PID 1224 wrote to memory of 1584	1224		7B96.exe
PID 1224 wrote to memory of 1640	1224		8086.exe
PID 1224 wrote to memory of 1640	1224		8086.exe
PID 1224 wrote to memory of 1640	1224		8086.exe
PID 1224 wrote to memory of 1640	1224		8086.exe
PID 1224 wrote to memory of 1548	1224		explorer.exe
PID 1224 wrote to memory of 1548	1224		explorer.exe
PID 1224 wrote to memory of 1548	1224		explorer.exe
PID 1224 wrote to memory of 1548	1224		explorer.exe
PID 1224 wrote to memory of 1548	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 1112	1224		explorer.exe
PID 1224 wrote to memory of 1112	1224		explorer.exe
PID 1224 wrote to memory of 1112	1224		explorer.exe
PID 1224 wrote to memory of 1112	1224		explorer.exe
PID 1224 wrote to memory of 1112	1224		explorer.exe
PID 1224 wrote to memory of 828	1224		explorer.exe
PID 1224 wrote to memory of 828	1224		explorer.exe
PID 1224 wrote to memory of 828	1224		explorer.exe
PID 1224 wrote to memory of 828	1224		explorer.exe
PID 1224 wrote to memory of 828	1224		explorer.exe
PID 1224 wrote to memory of 1260	1224		explorer.exe
PID 1224 wrote to memory of 1260	1224		explorer.exe
PID 1224 wrote to memory of 1260	1224		explorer.exe
PID 1224 wrote to memory of 1260	1224		explorer.exe
PID 1224 wrote to memory of 1260	1224		explorer.exe
PID 1640 wrote to memory of 1680	1640	8086.exe	8086.exe
PID 1640 wrote to memory of 1680	1640	8086.exe	8086.exe
PID 1640 wrote to memory of 1680	1640	8086.exe	8086.exe
PID 1640 wrote to memory of 1680	1640	8086.exe	8086.exe
PID 1224 wrote to memory of 1992	1224		explorer.exe
PID 1224 wrote to memory of 1992	1224		explorer.exe
PID 1224 wrote to memory of 1992	1224		explorer.exe
PID 1224 wrote to memory of 1992	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 736	1224		explorer.exe
PID 1224 wrote to memory of 1508	1224		explorer.exe
PID 1224 wrote to memory of 1508	1224		explorer.exe
PID 1224 wrote to memory of 1508	1224		explorer.exe
PID 1224 wrote to memory of 1508	1224		explorer.exe
PID 1224 wrote to memory of 1976	1224		explorer.exe
PID 1224 wrote to memory of 1976	1224		explorer.exe
PID 1224 wrote to memory of 1976	1224		explorer.exe
PID 1224 wrote to memory of 1976	1224		explorer.exe
PID 1224 wrote to memory of 1976	1224		explorer.exe
PID 1588 wrote to memory of 1460	1588	taskeng.exe	nsxd.exe
PID 1588 wrote to memory of 1460	1588	taskeng.exe	nsxd.exe
PID 1588 wrote to memory of 1460	1588	taskeng.exe	nsxd.exe
PID 1588 wrote to memory of 1460	1588	taskeng.exe	nsxd.exe
PID 1640 wrote to memory of 1736	1640	8086.exe	euehuo.exe
PID 1640 wrote to memory of 1736	1640	8086.exe	euehuo.exe
PID 1640 wrote to memory of 1736	1640	8086.exe	euehuo.exe
PID 1640 wrote to memory of 1736	1640	8086.exe	euehuo.exe
PID 1640 wrote to memory of 1028	1640	8086.exe	schtasks.exe
PID 1640 wrote to memory of 1028	1640	8086.exe	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\bemaji.exe
"C:\Users\Admin\AppData\Local\Temp\bemaji.exe"
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1504

C:\Users\Admin\AppData\Local\Temp\7B96.exe
C:\Users\Admin\AppData\Local\Temp\7B96.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1584

C:\Users\Admin\AppData\Local\Temp\8086.exe
C:\Users\Admin\AppData\Local\Temp\8086.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1640

C:\Users\Admin\AppData\Local\Temp\8086.exe
C:\Users\Admin\AppData\Local\Temp\8086.exe /C
2⤵
- Executes dropped EXE
PID:1680

C:\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe
2⤵
- Executes dropped EXE
PID:1736

C:\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe /C
3⤵
- Executes dropped EXE
PID:744

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn wdvkblrxzf /tr "\"C:\Users\Admin\AppData\Local\Temp\8086.exe\" /I wdvkblrxzf" /SC ONCE /Z /ST 20:27 /ET 20:39
2⤵
- Creates scheduled task(s)
PID:1028

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:1548

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:736

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:1112

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:828

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:1260

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:1992

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:736

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:1508

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:1976

C:\Windows\system32\taskeng.exe
taskeng.exe {70BFB650-2C45-4C31-B514-653E86E0A8BE} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1588

C:\ProgramData\kjqipi\nsxd.exe
C:\ProgramData\kjqipi\nsxd.exe start
2⤵
- Executes dropped EXE
PID:1460

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:1936

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:1676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\kjqipi\nsxd.exe
MD5
0e23988a7ad64e9f03a2a7c3e9637330

SHA1
8a7827bb2ecc1a57f23a489f034d7c9629523eaf

SHA256
63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9

SHA512
046f6813425def94526334eb1adbf9a06af1a32b3d0ea921813c977e084dfea31b294014876bad47d911d9c66d7e67cba5d9caa21e9856a00c4a2b895d3d1b48

Download Submit
C:\ProgramData\kjqipi\nsxd.exe
MD5
0e23988a7ad64e9f03a2a7c3e9637330

SHA1
8a7827bb2ecc1a57f23a489f034d7c9629523eaf

SHA256
63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9

SHA512
046f6813425def94526334eb1adbf9a06af1a32b3d0ea921813c977e084dfea31b294014876bad47d911d9c66d7e67cba5d9caa21e9856a00c4a2b895d3d1b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\7B96.exe
MD5
0e23988a7ad64e9f03a2a7c3e9637330

SHA1
8a7827bb2ecc1a57f23a489f034d7c9629523eaf

SHA256
63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9

SHA512
046f6813425def94526334eb1adbf9a06af1a32b3d0ea921813c977e084dfea31b294014876bad47d911d9c66d7e67cba5d9caa21e9856a00c4a2b895d3d1b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\7B96.exe
MD5
0e23988a7ad64e9f03a2a7c3e9637330

SHA1
8a7827bb2ecc1a57f23a489f034d7c9629523eaf

SHA256
63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9

SHA512
046f6813425def94526334eb1adbf9a06af1a32b3d0ea921813c977e084dfea31b294014876bad47d911d9c66d7e67cba5d9caa21e9856a00c4a2b895d3d1b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\8086.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\8086.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\8086.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
\??\PIPE\wkssvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\554B.tmp
MD5
d124f55b9393c976963407dff51ffa79

SHA1
2c7bbedd79791bfb866898c85b504186db610b5d

SHA256
ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef

SHA512
278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06

Download Submit
\Users\Admin\AppData\Local\Temp\8086.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Jblqaew\euehuo.exe
MD5
7bfc9747a217ec58395bd59f876e389f

SHA1
2c4b1d4a484e193e26327339ed38a4f05fd637dd

SHA256
f2704a029672c04f28e738da8d859163ac807b158261e6a48edb279a132743ff

SHA512
22959911f63bc551ee26aba716c0f2e6bd5ccc55c610fdf7474cd687886e74fcd4b6ca0158694f31961ee9692fbcf00003995444cd97551f6ed34d71e6340b76

Download Submit
memory/736-50-0x0000000000060000-0x000000000006C000-memory.dmp

Filesize
48KB

Download
memory/736-51-0x0000000000070000-0x0000000000077000-memory.dmp

Filesize
28KB

Download
memory/736-382-0x0000000000090000-0x0000000000095000-memory.dmp

Filesize
20KB

Download
memory/736-380-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/736-376-0x0000000000000000-mapping.dmp

Download
memory/736-49-0x0000000000000000-mapping.dmp

Download
memory/744-674-0x0000000000000000-mapping.dmp

Download
memory/828-229-0x0000000000080000-0x000000000008B000-memory.dmp

Filesize
44KB

Download
memory/828-230-0x0000000000090000-0x000000000009A000-memory.dmp

Filesize
40KB

Download
memory/828-228-0x0000000000000000-mapping.dmp

Download
memory/1028-654-0x0000000000000000-mapping.dmp

Download
memory/1112-143-0x0000000000090000-0x0000000000094000-memory.dmp

Filesize
16KB

Download
memory/1112-141-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/1112-139-0x0000000000000000-mapping.dmp

Download
memory/1224-1034-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-813-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-181-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-182-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-183-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-184-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-185-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-186-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-187-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-189-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-188-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-190-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-191-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-192-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-193-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-194-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-195-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-196-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-226-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-227-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-179-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-178-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-177-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-1032-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1031-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1030-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-176-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-175-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-1028-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-174-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-335-0x0000000002670000-0x000000000267E000-memory.dmp

Filesize
56KB

Download
memory/1224-1038-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1037-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1036-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-173-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-172-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-171-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-1027-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1026-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1025-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-170-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-1035-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-542-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-543-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-544-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-545-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-546-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-547-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-548-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-549-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-550-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-551-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-552-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-553-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-554-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-555-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-556-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-557-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-558-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-559-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-560-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-561-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-562-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-563-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-564-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-565-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-566-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-567-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-568-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-569-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-570-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-137-0x0000000002650000-0x0000000002657000-memory.dmp

Filesize
28KB

Download
memory/1224-572-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-573-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-574-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-1024-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1023-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1022-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1021-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1020-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1019-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-10-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1224-1018-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1017-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1016-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1015-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-571-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-1033-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1029-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1014-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1013-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-3-0x0000000002A90000-0x0000000002AA6000-memory.dmp

Filesize
88KB

Download
memory/1224-725-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-726-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1012-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1011-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-806-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-807-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-808-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-809-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-810-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-811-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-812-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-180-0x0000000002650000-0x0000000002654000-memory.dmp

Filesize
16KB

Download
memory/1224-814-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-815-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-816-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-817-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-818-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-819-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-820-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-821-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-822-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-823-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-824-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-825-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-827-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-826-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-828-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-829-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-830-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-831-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-832-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-833-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-834-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-835-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-836-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-837-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-838-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-839-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-840-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-841-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-955-0x0000000002670000-0x000000000267E000-memory.dmp

Filesize
56KB

Download
memory/1224-956-0x0000000002670000-0x000000000267E000-memory.dmp

Filesize
56KB

Download
memory/1224-1010-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1009-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1008-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-963-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-964-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-965-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-966-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-967-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-968-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-969-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-970-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-971-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-972-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-973-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-974-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-975-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-976-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-977-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-978-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-979-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-980-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-981-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-982-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-983-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-984-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-985-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-986-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-987-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-988-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-989-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-990-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-991-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-992-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-993-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-994-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-995-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-996-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-997-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-998-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-999-0x0000000002650000-0x0000000002656000-memory.dmp

Filesize
24KB

Download
memory/1224-1002-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1003-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1004-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1005-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1006-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1224-1007-0x0000000002650000-0x0000000002655000-memory.dmp

Filesize
20KB

Download
memory/1260-285-0x0000000000000000-mapping.dmp

Download
memory/1260-287-0x0000000000080000-0x000000000008B000-memory.dmp

Filesize
44KB

Download
memory/1260-288-0x0000000000090000-0x0000000000097000-memory.dmp

Filesize
28KB

Download
memory/1460-619-0x0000000000ED0000-0x0000000000EE1000-memory.dmp

Filesize
68KB

Download
memory/1460-615-0x0000000000000000-mapping.dmp

Download
memory/1460-618-0x000000000097B000-0x000000000097C000-memory.dmp

Filesize
4KB

Download
memory/1504-1-0x0000000002140000-0x0000000002151000-memory.dmp

Filesize
68KB

Download
memory/1504-0-0x00000000002EB000-0x00000000002EC000-memory.dmp

Filesize
4KB

Download
memory/1508-426-0x0000000000060000-0x000000000006C000-memory.dmp

Filesize
48KB

Download
memory/1508-423-0x0000000000000000-mapping.dmp

Download
memory/1508-428-0x0000000000070000-0x0000000000076000-memory.dmp

Filesize
24KB

Download
memory/1548-11-0x0000000000000000-mapping.dmp

Download
memory/1548-23-0x0000000000110000-0x000000000017B000-memory.dmp

Filesize
428KB

Download
memory/1584-6-0x0000000000D3B000-0x0000000000D3C000-memory.dmp

Filesize
4KB

Download
memory/1584-4-0x0000000000000000-mapping.dmp

Download
memory/1584-7-0x0000000002220000-0x0000000002231000-memory.dmp

Filesize
68KB

Download
memory/1640-8-0x0000000000000000-mapping.dmp

Download
memory/1676-961-0x00000000000F0000-0x0000000000112000-memory.dmp

Filesize
136KB

Download
memory/1676-958-0x0000000000000000-mapping.dmp

Download
memory/1676-960-0x00000000000C0000-0x00000000000E7000-memory.dmp

Filesize
156KB

Download
memory/1680-622-0x0000000002690000-0x00000000026A1000-memory.dmp

Filesize
68KB

Download
memory/1680-320-0x0000000000000000-mapping.dmp

Download
memory/1736-648-0x0000000000000000-mapping.dmp

Download
memory/1936-727-0x0000000000000000-mapping.dmp

Download
memory/1936-728-0x0000000000060000-0x0000000000069000-memory.dmp

Filesize
36KB

Download
memory/1976-682-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/1976-683-0x0000000000090000-0x0000000000094000-memory.dmp

Filesize
16KB

Download
memory/1976-483-0x0000000000000000-mapping.dmp

Download
memory/1992-345-0x0000000000070000-0x0000000000079000-memory.dmp

Filesize
36KB

Download
memory/1992-343-0x0000000000060000-0x000000000006E000-memory.dmp

Filesize
56KB

Download
memory/1992-339-0x0000000000000000-mapping.dmp

Download