Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

bd726f6f2f...9f.exe

windows7_x64

10

bd726f6f2f...9f.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    30/09/2021, 05:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd726f6f2f4408c541c619041d8c7c9f.exe

  • Size

    239KB

  • MD5

    bd726f6f2f4408c541c619041d8c7c9f

  • SHA1

    478c8b19b3b736f08b6a7475b29ece5abda36141

  • SHA256

    22c23de0a046b3652861d880ad53bbfca85448d0a6814d34151b1f359839dd37

  • SHA512

    815e74e6b7984365de1ea5106db7a631deb430fd9e099f39717ce1008e60d7858cdbd622113a6bdf0f9d63f669a396d7ea6a2e36fa01b0b1ce319c79057f2872

Score
10/10
raccoonredlinesmokeloadertofseexmrig5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4rsecond build backdoordiscoveryevasioninfostealerminerpersistencespywarestealersuricatathemidatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://fiskahlilian16.top/

http://paishancho17.top/

http://ydiannetter18.top/

http://azarehanelle19.top/

http://quericeriant20.top/
rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

r

C2

188.72.208.174:38430

Extracted

Family

raccoon

Botnet

5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4

Attributes
  • url4cnc

    https://t.me/agrybirdsgamerept

rc4.plain
rc4.plain

Extracted

Family

redline

Botnet

Second BUILD

C2

asyndenera.xyz:15667

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee
  • Windows security bypass 2 TTPs
    evasiontrojan
  • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    suricata
  • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    suricata
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
    evasion
  • XMRig Miner Payload 3 IoCs
    miner
  • Creates new service(s) 1 TTPs
    persistence
  • Downloads MZ/PE file
  • Executes dropped EXE 13 IoCs
  • Modifies Windows Firewall 1 TTPs
    evasion
  • Sets service image path in registry 2 TTPs
    persistence
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Looks up external IP address via web service 6 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 5 IoCs
  • Launches sc.exe

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd726f6f2f4408c541c619041d8c7c9f.exe
    "C:\Users\Admin\AppData\Local\Temp\bd726f6f2f4408c541c619041d8c7c9f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Local\Temp\bd726f6f2f4408c541c619041d8c7c9f.exe
      "C:\Users\Admin\AppData\Local\Temp\bd726f6f2f4408c541c619041d8c7c9f.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:2672
  • C:\Users\Admin\AppData\Local\Temp\E526.exe
    C:\Users\Admin\AppData\Local\Temp\E526.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Users\Admin\AppData\Local\Temp\E526.exe
      C:\Users\Admin\AppData\Local\Temp\E526.exe
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:4048
  • C:\Users\Admin\AppData\Local\Temp\E825.exe
    C:\Users\Admin\AppData\Local\Temp\E825.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2596
    • C:\Users\Admin\AppData\Local\Temp\E825.exe
      C:\Users\Admin\AppData\Local\Temp\E825.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:640
  • C:\Users\Admin\AppData\Local\Temp\F351.exe
    C:\Users\Admin\AppData\Local\Temp\F351.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1184
    • C:\Users\Admin\AppData\Roaming\F351.exe
      "C:\Users\Admin\AppData\Roaming\F351.exe"
      2⤵
      • Executes dropped EXE
      PID:1732
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Self.bat" "
        3⤵
          PID:412
          • C:\Windows\SysWOW64\chcp.com
            chcp 1251
            4⤵
              PID:1000
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 0 &Del C:\Users\Admin\AppData\Roaming\F351.exe
            3⤵
              PID:3080
              • C:\Windows\SysWOW64\choice.exe
                choice /C Y /N /D Y /T 0
                4⤵
                  PID:896
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Self.bat" "
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:2652
              • C:\Windows\SysWOW64\chcp.com
                chcp 1251
                3⤵
                  PID:3980
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 0 &Del F351.exe
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:2568
                • C:\Windows\SysWOW64\choice.exe
                  choice /C Y /N /D Y /T 0
                  3⤵
                    PID:3956
              • C:\Users\Admin\AppData\Local\Temp\FA47.exe
                C:\Users\Admin\AppData\Local\Temp\FA47.exe
                1⤵
                • Executes dropped EXE
                • Suspicious use of WriteProcessMemory
                PID:3212
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\weicggnr\
                  2⤵
                    PID:1880
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\wmmmbsyq.exe" C:\Windows\SysWOW64\weicggnr\
                    2⤵
                      PID:3068
                    • C:\Windows\SysWOW64\sc.exe
                      "C:\Windows\System32\sc.exe" create weicggnr binPath= "C:\Windows\SysWOW64\weicggnr\wmmmbsyq.exe /d\"C:\Users\Admin\AppData\Local\Temp\FA47.exe\"" type= own start= auto DisplayName= "wifi support"
                      2⤵
                        PID:2596
                      • C:\Windows\SysWOW64\sc.exe
                        "C:\Windows\System32\sc.exe" description weicggnr "wifi internet conection"
                        2⤵
                          PID:1848
                        • C:\Windows\SysWOW64\sc.exe
                          "C:\Windows\System32\sc.exe" start weicggnr
                          2⤵
                            PID:1420
                          • C:\Windows\SysWOW64\netsh.exe
                            "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
                            2⤵
                              PID:1432
                          • C:\Users\Admin\AppData\Local\Temp\15D.exe
                            C:\Users\Admin\AppData\Local\Temp\15D.exe
                            1⤵
                            • Executes dropped EXE
                            • Checks BIOS information in registry
                            • Checks whether UAC is enabled
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • Suspicious use of AdjustPrivilegeToken
                            PID:2348
                          • C:\Windows\SysWOW64\weicggnr\wmmmbsyq.exe
                            C:\Windows\SysWOW64\weicggnr\wmmmbsyq.exe /d"C:\Users\Admin\AppData\Local\Temp\FA47.exe"
                            1⤵
                            • Executes dropped EXE
                            • Suspicious use of SetThreadContext
                            PID:1188
                            • C:\Windows\SysWOW64\svchost.exe
                              svchost.exe
                              2⤵
                              • Drops file in System32 directory
                              • Suspicious use of SetThreadContext
                              • Modifies data under HKEY_USERS
                              PID:1352
                              • C:\Windows\SysWOW64\svchost.exe
                                svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half
                                3⤵
                                  PID:1028
                            • C:\Users\Admin\AppData\Local\Temp\EEA.exe
                              C:\Users\Admin\AppData\Local\Temp\EEA.exe
                              1⤵
                              • Executes dropped EXE
                              PID:4088
                              • C:\Users\Admin\AppData\Local\Temp\InternodesPiets_2021-09-29_21-00.exe
                                "C:\Users\Admin\AppData\Local\Temp\InternodesPiets_2021-09-29_21-00.exe"
                                2⤵
                                • Executes dropped EXE
                                PID:1420
                              • C:\Users\Admin\AppData\Local\Temp\Money10k_.exe
                                "C:\Users\Admin\AppData\Local\Temp\Money10k_.exe"
                                2⤵
                                • Executes dropped EXE
                                • Checks BIOS information in registry
                                • Checks whether UAC is enabled
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                PID:3256
                            • C:\Users\Admin\AppData\Local\Temp\18AF.exe
                              C:\Users\Admin\AppData\Local\Temp\18AF.exe
                              1⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              PID:2688
                              • C:\Windows\SysWOW64\cmd.exe
                                cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\18AF.exe"
                                2⤵
                                  PID:3104
                                  • C:\Windows\SysWOW64\timeout.exe
                                    timeout /T 10 /NOBREAK
                                    3⤵
                                    • Delays execution with timeout.exe
                                    PID:644

                              Network

                              MITRE ATT&CK Enterprise v6

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • memory/640-157-0x0000000005280000-0x0000000005886000-memory.dmp

                                Filesize

                                6.0MB

                                Download

                              • memory/640-150-0x00000000052A0000-0x00000000052A1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/640-151-0x00000000053D0000-0x00000000053D1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/640-198-0x00000000072E0000-0x00000000072E1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/640-149-0x0000000005890000-0x0000000005891000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/640-155-0x0000000005340000-0x0000000005341000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/640-156-0x0000000005380000-0x0000000005381000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/640-197-0x0000000006BE0000-0x0000000006BE1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/640-143-0x0000000000400000-0x0000000000422000-memory.dmp

                                Filesize

                                136KB

                                Download

                              • memory/640-201-0x0000000006ED0000-0x0000000006ED1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1028-236-0x0000000000A00000-0x0000000000AF1000-memory.dmp

                                Filesize

                                964KB

                                Download

                              • memory/1028-231-0x0000000000A00000-0x0000000000AF1000-memory.dmp

                                Filesize

                                964KB

                                Download

                              • memory/1184-139-0x0000000002580000-0x00000000025D1000-memory.dmp

                                Filesize

                                324KB

                                Download

                              • memory/1184-137-0x0000000000300000-0x0000000000301000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1184-142-0x00000000057E0000-0x00000000057E1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1184-141-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1184-140-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1188-204-0x0000000000400000-0x000000000086C000-memory.dmp

                                Filesize

                                4.4MB

                                Download

                              • memory/1188-203-0x0000000000950000-0x0000000000A9A000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/1352-193-0x0000000000E00000-0x0000000000E15000-memory.dmp

                                Filesize

                                84KB

                                Download

                              • memory/1352-205-0x0000000000E00000-0x0000000000E15000-memory.dmp

                                Filesize

                                84KB

                                Download

                              • memory/1420-260-0x0000000001F40000-0x0000000001F70000-memory.dmp

                                Filesize

                                192KB

                                Download

                              • memory/1420-262-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1420-261-0x0000000000400000-0x000000000045D000-memory.dmp

                                Filesize

                                372KB

                                Download

                              • memory/1420-263-0x0000000004CC2000-0x0000000004CC3000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1420-264-0x0000000004CC3000-0x0000000004CC4000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/1420-265-0x0000000004CC4000-0x0000000004CC6000-memory.dmp

                                Filesize

                                8KB

                                Download

                              • memory/1420-254-0x0000000002400000-0x000000000241E000-memory.dmp

                                Filesize

                                120KB

                                Download

                              • memory/1420-252-0x0000000002000000-0x000000000201F000-memory.dmp

                                Filesize

                                124KB

                                Download

                              • memory/2348-182-0x0000000005300000-0x0000000005301000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2348-171-0x00000000012A0000-0x00000000012A1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2348-229-0x00000000080C0000-0x00000000080C1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2348-174-0x00000000771D0000-0x000000007735E000-memory.dmp

                                Filesize

                                1.6MB

                                Download

                              • memory/2548-117-0x0000000000030000-0x0000000000039000-memory.dmp

                                Filesize

                                36KB

                                Download

                              • memory/2596-128-0x0000000002770000-0x0000000002771000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2596-127-0x0000000004D60000-0x0000000004D61000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2596-125-0x00000000004E0000-0x00000000004E1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2596-132-0x0000000005390000-0x0000000005391000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2596-133-0x0000000004E80000-0x0000000004E81000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2672-115-0x0000000000400000-0x0000000000409000-memory.dmp

                                Filesize

                                36KB

                                Download

                              • memory/2688-218-0x0000000000400000-0x00000000008AC000-memory.dmp

                                Filesize

                                4.7MB

                                Download

                              • memory/2688-217-0x0000000000DD0000-0x0000000000E60000-memory.dmp

                                Filesize

                                576KB

                                Download

                              • memory/3028-282-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-306-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-118-0x0000000000C90000-0x0000000000CA5000-memory.dmp

                                Filesize

                                84KB

                                Download

                              • memory/3028-321-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-320-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-319-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-317-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-318-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-316-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-315-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-313-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-314-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-312-0x0000000002DA0000-0x0000000002DB0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-311-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-310-0x0000000002DA0000-0x0000000002DB0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-158-0x0000000000D00000-0x0000000000D15000-memory.dmp

                                Filesize

                                84KB

                                Download

                              • memory/3028-308-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-309-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-307-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-283-0x00000000049B0000-0x00000000049C0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-281-0x0000000000C30000-0x0000000000C40000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-285-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-287-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-284-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-288-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-286-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-289-0x00000000049D0000-0x00000000049E0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-290-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-291-0x00000000049D0000-0x00000000049E0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-293-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-292-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-295-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-294-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-296-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-298-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-297-0x00000000049D0000-0x00000000049E0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-299-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-300-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-301-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-302-0x0000000000C30000-0x0000000000C40000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-303-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-304-0x0000000002DA0000-0x0000000002DB0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3028-305-0x0000000004990000-0x00000000049A0000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/3212-160-0x0000000000400000-0x000000000086C000-memory.dmp

                                Filesize

                                4.4MB

                                Download

                              • memory/3212-159-0x0000000000870000-0x00000000009BA000-memory.dmp

                                Filesize

                                1.3MB

                                Download

                              • memory/3256-243-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/3256-251-0x00000000039C0000-0x00000000039C1000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/3256-250-0x0000000005C20000-0x0000000005C21000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/3256-246-0x00000000771D0000-0x000000007735E000-memory.dmp

                                Filesize

                                1.6MB

                                Download

                              • memory/4088-191-0x0000000000240000-0x0000000000241000-memory.dmp

                                Filesize

                                4KB

                                Download