Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    04-06-2022 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1299da7bd846030ce6310b1bb2b3f7d34e297fbff08b5888532b9defb221bd14.exe

  • Size

    180KB

  • MD5

    23456d51bba1cf148ae1f7e9ffcd4ec3

  • SHA1

    9dc4abccb1b3892c2e2c824072b07659771c1fd2

  • SHA256

    1299da7bd846030ce6310b1bb2b3f7d34e297fbff08b5888532b9defb221bd14

  • SHA512

    666cb991137ce2c18220efbbe18767e174a3694ff1712de4d00cf147cb90fbdfce4b03444f10d359d695a457408615dcc09cd7cc812672b30ea86b54f6461d38

Score
10/10
tofseexmrigevasionminerpersistencespywaresuricatatrojanvmprotect

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Signatures

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee
  • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata
  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner Payload 2 IoCs
    miner
  • Creates new service(s) 1 TTPs
    persistence
  • Downloads MZ/PE file
  • Executes dropped EXE 4 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 4 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1299da7bd846030ce6310b1bb2b3f7d34e297fbff08b5888532b9defb221bd14.exe
    "C:\Users\Admin\AppData\Local\Temp\1299da7bd846030ce6310b1bb2b3f7d34e297fbff08b5888532b9defb221bd14.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3368
  • C:\Users\Admin\AppData\Local\Temp\6AEF.exe
    C:\Users\Admin\AppData\Local\Temp\6AEF.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:3524
  • C:\Users\Admin\AppData\Local\Temp\7C26.exe
    C:\Users\Admin\AppData\Local\Temp\7C26.exe
    1⤵
    • Executes dropped EXE
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\yaolbrfm\
      2⤵
        PID:4952
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\cfolnfvy.exe" C:\Windows\SysWOW64\yaolbrfm\
        2⤵
          PID:972
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" create yaolbrfm binPath= "C:\Windows\SysWOW64\yaolbrfm\cfolnfvy.exe /d\"C:\Users\Admin\AppData\Local\Temp\7C26.exe\"" type= own start= auto DisplayName= "wifi support"
          2⤵
          • Launches sc.exe
          PID:3864
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" description yaolbrfm "wifi internet conection"
          2⤵
          • Launches sc.exe
          PID:764
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" start yaolbrfm
          2⤵
          • Launches sc.exe
          PID:3572
        • C:\Windows\SysWOW64\netsh.exe
          "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
          2⤵
          • Modifies Windows Firewall
          PID:3772
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 676
          2⤵
          • Program crash
          PID:5332
      • C:\Users\Admin\AppData\Local\Temp\94B0.exe
        C:\Users\Admin\AppData\Local\Temp\94B0.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        PID:3856
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
          2⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:39636
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 36136
          2⤵
          • Program crash
          PID:39704
      • C:\Windows\SysWOW64\yaolbrfm\cfolnfvy.exe
        C:\Windows\SysWOW64\yaolbrfm\cfolnfvy.exe /d"C:\Users\Admin\AppData\Local\Temp\7C26.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4712
        • C:\Windows\SysWOW64\svchost.exe
          svchost.exe
          2⤵
          • Sets service image path in registry
          • Drops file in System32 directory
          • Suspicious use of SetThreadContext
          • Modifies data under HKEY_USERS
          PID:18956
          • C:\Windows\SysWOW64\svchost.exe
            svchost.exe -o fastpool.xyz:10060 -u 9mLwUkiK8Yp89zQQYodWKN29jVVVz1cWDFZctWxge16Zi3TpHnSBnnVcCDhSRXdesnMBdVjtDwh1N71KD9z37EzgKSM1tmS.60000 -p x -k -a cn/half
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:36540
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 548
          2⤵
          • Program crash
          PID:19436
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:4808
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 868
            2⤵
            • Program crash
            PID:5908
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2180 -ip 2180
          1⤵
            PID:3864
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4808 -ip 4808
            1⤵
              PID:5620
            • C:\Windows\explorer.exe
              C:\Windows\explorer.exe
              1⤵
                PID:5664
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4712 -ip 4712
                1⤵
                  PID:19268
                • C:\Windows\SysWOW64\explorer.exe
                  C:\Windows\SysWOW64\explorer.exe
                  1⤵
                    PID:21360
                  • C:\Windows\explorer.exe
                    C:\Windows\explorer.exe
                    1⤵
                      PID:23276
                    • C:\Windows\SysWOW64\explorer.exe
                      C:\Windows\SysWOW64\explorer.exe
                      1⤵
                        PID:25112
                      • C:\Windows\explorer.exe
                        C:\Windows\explorer.exe
                        1⤵
                          PID:26960
                        • C:\Windows\SysWOW64\explorer.exe
                          C:\Windows\SysWOW64\explorer.exe
                          1⤵
                            PID:28780
                          • C:\Windows\SysWOW64\explorer.exe
                            C:\Windows\SysWOW64\explorer.exe
                            1⤵
                              PID:30196
                            • C:\Windows\SysWOW64\explorer.exe
                              C:\Windows\SysWOW64\explorer.exe
                              1⤵
                                PID:31488
                              • C:\Windows\explorer.exe
                                C:\Windows\explorer.exe
                                1⤵
                                  PID:32824
                                • C:\Windows\SysWOW64\explorer.exe
                                  C:\Windows\SysWOW64\explorer.exe
                                  1⤵
                                    PID:34120
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3856 -ip 3856
                                    1⤵
                                      PID:39672

                                    Network

                                    MITRE ATT&CK Enterprise v6

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Temp\6AEF.exe
                                      Filesize

                                      4.0MB

                                      MD5

                                      c1efe4a3f1e561fd42d27fbac415e6b1

                                      SHA1

                                      0a8b855df77abeffe7e7d19e2326a0de44a617e8

                                      SHA256

                                      c5df743f3cb4fa76f1b7394fb9f05b43b27eaae820bc95908ccca9736fea3b01

                                      SHA512

                                      ecf3bca0ee706611cd768f92e49c3ca9ba7576f048f1e5e166158ba87f49b93bb00b464bd6af51b4027d33483ce997b75709b168daa3c44b7168136f38152648

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Temp\6AEF.exe
                                      Filesize

                                      4.0MB

                                      MD5

                                      c1efe4a3f1e561fd42d27fbac415e6b1

                                      SHA1

                                      0a8b855df77abeffe7e7d19e2326a0de44a617e8

                                      SHA256

                                      c5df743f3cb4fa76f1b7394fb9f05b43b27eaae820bc95908ccca9736fea3b01

                                      SHA512

                                      ecf3bca0ee706611cd768f92e49c3ca9ba7576f048f1e5e166158ba87f49b93bb00b464bd6af51b4027d33483ce997b75709b168daa3c44b7168136f38152648

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Temp\7C26.exe
                                      Filesize

                                      200KB

                                      MD5

                                      8a7403f31412617d3dc0f1a2e36f63a2

                                      SHA1

                                      ec344995cfc36914ee33fdfe1115e483fde9ba60

                                      SHA256

                                      4ba46ded90040dd549614208eb6afc0654cc5ffb3dde12807c2cb2438c93d75f

                                      SHA512

                                      a96302a86c5159b3e0d40fa60b8c5d406b9897d5de3c2c4f57e1504abd0429524502ade13902ad5744d027cfa594e6b48d91a32324810c53de5c4330237e26fa

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Temp\7C26.exe
                                      Filesize

                                      200KB

                                      MD5

                                      8a7403f31412617d3dc0f1a2e36f63a2

                                      SHA1

                                      ec344995cfc36914ee33fdfe1115e483fde9ba60

                                      SHA256

                                      4ba46ded90040dd549614208eb6afc0654cc5ffb3dde12807c2cb2438c93d75f

                                      SHA512

                                      a96302a86c5159b3e0d40fa60b8c5d406b9897d5de3c2c4f57e1504abd0429524502ade13902ad5744d027cfa594e6b48d91a32324810c53de5c4330237e26fa

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Temp\94B0.exe
                                      Filesize

                                      2.2MB

                                      MD5

                                      fdf46a0643587d0666f42c3c6d384742

                                      SHA1

                                      f020620d39130f3006c7a8655cbdbbbc1dca45e8

                                      SHA256

                                      de16d8c0102d1a64c301bc013f45f75911ed7617ec0900f369a34740f18670ee

                                      SHA512

                                      23eec213e881f83b16831e6a492d95375db626170d113ecd858f1687e1b8fae55dde7247e0fcd1afff8aacd063953979f06073df23c86f7af8fbae0c597fba6a

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Temp\94B0.exe
                                      Filesize

                                      2.2MB

                                      MD5

                                      fdf46a0643587d0666f42c3c6d384742

                                      SHA1

                                      f020620d39130f3006c7a8655cbdbbbc1dca45e8

                                      SHA256

                                      de16d8c0102d1a64c301bc013f45f75911ed7617ec0900f369a34740f18670ee

                                      SHA512

                                      23eec213e881f83b16831e6a492d95375db626170d113ecd858f1687e1b8fae55dde7247e0fcd1afff8aacd063953979f06073df23c86f7af8fbae0c597fba6a

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Temp\cfolnfvy.exe
                                      Filesize

                                      11.7MB

                                      MD5

                                      a2962d3687b4267339c503bbde524acd

                                      SHA1

                                      ac806f1d6e08b313aa801c88f8fdb64ea8e0d5a4

                                      SHA256

                                      fe2c96e8f1123cbd87ffcae9359495bcb7f1351dc8a46f78b13d6759b50ac07d

                                      SHA512

                                      53dc56fdacde79a75cb221465ff7e96facd7c784c8da2b258a915b26c97a32af280eca135b8df0aac3095671c83834f5295e7a2877ca8f75eac71f7d325b4517

                                      Download Submit
                                    • C:\Windows\SysWOW64\config\systemprofile\
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit
                                    • C:\Windows\SysWOW64\yaolbrfm\cfolnfvy.exe
                                      Filesize

                                      11.7MB

                                      MD5

                                      a2962d3687b4267339c503bbde524acd

                                      SHA1

                                      ac806f1d6e08b313aa801c88f8fdb64ea8e0d5a4

                                      SHA256

                                      fe2c96e8f1123cbd87ffcae9359495bcb7f1351dc8a46f78b13d6759b50ac07d

                                      SHA512

                                      53dc56fdacde79a75cb221465ff7e96facd7c784c8da2b258a915b26c97a32af280eca135b8df0aac3095671c83834f5295e7a2877ca8f75eac71f7d325b4517

                                      Download Submit
                                    • memory/764-150-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/972-147-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/2180-139-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/2180-143-0x0000000000ADF000-0x0000000000AED000-memory.dmp
                                      Filesize

                                      56KB

                                      Download
                                    • memory/2180-144-0x0000000000970000-0x0000000000983000-memory.dmp
                                      Filesize

                                      76KB

                                      Download
                                    • memory/2180-145-0x0000000000400000-0x00000000008FB000-memory.dmp
                                      Filesize

                                      5.0MB

                                      Download
                                    • memory/2180-160-0x0000000000400000-0x00000000008FB000-memory.dmp
                                      Filesize

                                      5.0MB

                                      Download
                                    • memory/2180-158-0x0000000000ADF000-0x0000000000AED000-memory.dmp
                                      Filesize

                                      56KB

                                      Download
                                    • memory/3368-133-0x0000000000400000-0x00000000008F6000-memory.dmp
                                      Filesize

                                      5.0MB

                                      Download
                                    • memory/3368-130-0x0000000000B7F000-0x0000000000B88000-memory.dmp
                                      Filesize

                                      36KB

                                      Download
                                    • memory/3368-131-0x0000000000A90000-0x0000000000A99000-memory.dmp
                                      Filesize

                                      36KB

                                      Download
                                    • memory/3368-132-0x0000000000400000-0x00000000008F6000-memory.dmp
                                      Filesize

                                      5.0MB

                                      Download
                                    • memory/3524-138-0x0000000000400000-0x0000000000B33000-memory.dmp
                                      Filesize

                                      7.2MB

                                      Download
                                    • memory/3524-142-0x0000000000400000-0x0000000000B33000-memory.dmp
                                      Filesize

                                      7.2MB

                                      Download
                                    • memory/3524-134-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/3524-137-0x0000000000400000-0x0000000000B33000-memory.dmp
                                      Filesize

                                      7.2MB

                                      Download
                                    • memory/3572-151-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/3772-156-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/3856-231-0x0000000000400000-0x000000000053B000-memory.dmp
                                      Filesize

                                      1.2MB

                                      Download
                                    • memory/3856-152-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/3864-149-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/4712-197-0x0000000000400000-0x00000000008FB000-memory.dmp
                                      Filesize

                                      5.0MB

                                      Download
                                    • memory/4712-169-0x0000000000B3A000-0x0000000000B48000-memory.dmp
                                      Filesize

                                      56KB

                                      Download
                                    • memory/4712-170-0x0000000000400000-0x00000000008FB000-memory.dmp
                                      Filesize

                                      5.0MB

                                      Download
                                    • memory/4808-163-0x0000000000EB0000-0x0000000000F24000-memory.dmp
                                      Filesize

                                      464KB

                                      Download
                                    • memory/4808-164-0x0000000000E40000-0x0000000000EAB000-memory.dmp
                                      Filesize

                                      428KB

                                      Download
                                    • memory/4808-157-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/4952-146-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/5664-161-0x00000000012D0000-0x00000000012D7000-memory.dmp
                                      Filesize

                                      28KB

                                      Download
                                    • memory/5664-162-0x00000000012C0000-0x00000000012CC000-memory.dmp
                                      Filesize

                                      48KB

                                      Download
                                    • memory/5664-159-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/18956-213-0x0000000007D00000-0x000000000810B000-memory.dmp
                                      Filesize

                                      4.0MB

                                      Download
                                    • memory/18956-198-0x0000000000F00000-0x0000000000F15000-memory.dmp
                                      Filesize

                                      84KB

                                      Download
                                    • memory/18956-201-0x0000000002E00000-0x000000000300F000-memory.dmp
                                      Filesize

                                      2.1MB

                                      Download
                                    • memory/18956-204-0x0000000002570000-0x0000000002576000-memory.dmp
                                      Filesize

                                      24KB

                                      Download
                                    • memory/18956-207-0x0000000002580000-0x0000000002590000-memory.dmp
                                      Filesize

                                      64KB

                                      Download
                                    • memory/18956-210-0x00000000025D0000-0x00000000025D5000-memory.dmp
                                      Filesize

                                      20KB

                                      Download
                                    • memory/18956-171-0x0000000000F00000-0x0000000000F15000-memory.dmp
                                      Filesize

                                      84KB

                                      Download
                                    • memory/18956-216-0x00000000025E0000-0x00000000025E7000-memory.dmp
                                      Filesize

                                      28KB

                                      Download
                                    • memory/18956-165-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/18956-166-0x0000000000F00000-0x0000000000F15000-memory.dmp
                                      Filesize

                                      84KB

                                      Download
                                    • memory/21360-174-0x0000000000900000-0x000000000090B000-memory.dmp
                                      Filesize

                                      44KB

                                      Download
                                    • memory/21360-173-0x0000000000910000-0x0000000000917000-memory.dmp
                                      Filesize

                                      28KB

                                      Download
                                    • memory/21360-226-0x0000000000910000-0x0000000000917000-memory.dmp
                                      Filesize

                                      28KB

                                      Download
                                    • memory/21360-172-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/23276-228-0x0000000000D90000-0x0000000000D99000-memory.dmp
                                      Filesize

                                      36KB

                                      Download
                                    • memory/23276-177-0x0000000000D80000-0x0000000000D8F000-memory.dmp
                                      Filesize

                                      60KB

                                      Download
                                    • memory/23276-176-0x0000000000D90000-0x0000000000D99000-memory.dmp
                                      Filesize

                                      36KB

                                      Download
                                    • memory/23276-175-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/25112-180-0x0000000000B20000-0x0000000000B29000-memory.dmp
                                      Filesize

                                      36KB

                                      Download
                                    • memory/25112-179-0x0000000000B30000-0x0000000000B35000-memory.dmp
                                      Filesize

                                      20KB

                                      Download
                                    • memory/25112-178-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/25112-229-0x0000000000B30000-0x0000000000B35000-memory.dmp
                                      Filesize

                                      20KB

                                      Download
                                    • memory/26960-183-0x0000000000720000-0x000000000072C000-memory.dmp
                                      Filesize

                                      48KB

                                      Download
                                    • memory/26960-181-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/26960-182-0x0000000000730000-0x0000000000736000-memory.dmp
                                      Filesize

                                      24KB

                                      Download
                                    • memory/28780-185-0x0000000000A50000-0x0000000000A72000-memory.dmp
                                      Filesize

                                      136KB

                                      Download
                                    • memory/28780-230-0x0000000000A50000-0x0000000000A72000-memory.dmp
                                      Filesize

                                      136KB

                                      Download
                                    • memory/28780-184-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/28780-186-0x0000000000A20000-0x0000000000A47000-memory.dmp
                                      Filesize

                                      156KB

                                      Download
                                    • memory/30196-189-0x00000000010D0000-0x00000000010D9000-memory.dmp
                                      Filesize

                                      36KB

                                      Download
                                    • memory/30196-232-0x00000000010E0000-0x00000000010E5000-memory.dmp
                                      Filesize

                                      20KB

                                      Download
                                    • memory/30196-188-0x00000000010E0000-0x00000000010E5000-memory.dmp
                                      Filesize

                                      20KB

                                      Download
                                    • memory/30196-187-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/31488-191-0x0000000000C10000-0x0000000000C16000-memory.dmp
                                      Filesize

                                      24KB

                                      Download
                                    • memory/31488-190-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/31488-192-0x0000000000C00000-0x0000000000C0B000-memory.dmp
                                      Filesize

                                      44KB

                                      Download
                                    • memory/31488-233-0x0000000000C10000-0x0000000000C16000-memory.dmp
                                      Filesize

                                      24KB

                                      Download
                                    • memory/32824-234-0x0000000000EC0000-0x0000000000EC7000-memory.dmp
                                      Filesize

                                      28KB

                                      Download
                                    • memory/32824-193-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/32824-194-0x0000000000EC0000-0x0000000000EC7000-memory.dmp
                                      Filesize

                                      28KB

                                      Download
                                    • memory/32824-195-0x0000000000EB0000-0x0000000000EBD000-memory.dmp
                                      Filesize

                                      52KB

                                      Download
                                    • memory/34120-235-0x0000000000910000-0x0000000000918000-memory.dmp
                                      Filesize

                                      32KB

                                      Download
                                    • memory/34120-200-0x0000000000900000-0x000000000090B000-memory.dmp
                                      Filesize

                                      44KB

                                      Download
                                    • memory/34120-199-0x0000000000910000-0x0000000000918000-memory.dmp
                                      Filesize

                                      32KB

                                      Download
                                    • memory/34120-196-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/36540-225-0x0000000000660000-0x0000000000751000-memory.dmp
                                      Filesize

                                      964KB

                                      Download
                                    • memory/36540-220-0x0000000000660000-0x0000000000751000-memory.dmp
                                      Filesize

                                      964KB

                                      Download
                                    • memory/36540-219-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/39636-244-0x0000000007D10000-0x0000000007E1A000-memory.dmp
                                      Filesize

                                      1.0MB

                                      Download
                                    • memory/39636-237-0x0000000000400000-0x0000000000418000-memory.dmp
                                      Filesize

                                      96KB

                                      Download
                                    • memory/39636-242-0x0000000008160000-0x0000000008778000-memory.dmp
                                      Filesize

                                      6.1MB

                                      Download
                                    • memory/39636-243-0x0000000007BE0000-0x0000000007BF2000-memory.dmp
                                      Filesize

                                      72KB

                                      Download
                                    • memory/39636-236-0x0000000000000000-mapping.dmp
                                      Download
                                    • memory/39636-245-0x0000000007C40000-0x0000000007C7C000-memory.dmp
                                      Filesize

                                      240KB

                                      Download
                                    • memory/39636-246-0x0000000008D30000-0x00000000092D4000-memory.dmp
                                      Filesize

                                      5.6MB

                                      Download
                                    • memory/39636-247-0x0000000008000000-0x0000000008092000-memory.dmp
                                      Filesize

                                      584KB

                                      Download
                                    • memory/39636-248-0x00000000080A0000-0x0000000008116000-memory.dmp
                                      Filesize

                                      472KB

                                      Download
                                    • memory/39636-249-0x0000000007EC0000-0x0000000007EDE000-memory.dmp
                                      Filesize

                                      120KB

                                      Download
                                    • memory/39636-250-0x0000000008970000-0x00000000089D6000-memory.dmp
                                      Filesize

                                      408KB

                                      Download
                                    • memory/39636-251-0x0000000009990000-0x0000000009B52000-memory.dmp
                                      Filesize

                                      1.8MB

                                      Download
                                    • memory/39636-252-0x000000000A090000-0x000000000A5BC000-memory.dmp
                                      Filesize

                                      5.2MB

                                      Download