netwire | 30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155

Analysis

max time kernel
150s
max time network
152s
platform
windows10-1703_x64
resource
win10-20220722-en
resource tags

arch:x64arch:x86image:win10-20220722-enlocale:en-usos:windows10-1703-x64system
submitted
06-08-2022 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
Size

749KB
MD5

91f5a7d8b8ba508f8e6999e7ddb8e902
SHA1

3aae5bd6075319c5ff54279c3d5ebfd9ec8d4c59
SHA256

30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155
SHA512

0391ee953d85455365c110a537ddcdb40d9060ba630329f6c10eb012e78af2d16426367c496a013fdca00d01b2c044768bca6a7a7e9002caaa8d95cbb950da27

Score

10^/10

netwire botnet rat stealer

Malware Config

Extracted

Family

netwire

37.0.14.206:3384

Attributes

activex_autorun
false
copy_executable
true
delete_original
false
host_id
HostId-%Rand%
install_path
%AppData%\Install\Host.exe
keylogger_dir
%AppData%\Logs\
lock_executable
true
offline_keylogger
true
password
Password234
registry_autorun
false
use_mutex
false

Signatures

NetWire RAT payload 4 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/4272-271-0x000000000040242D-mapping.dmp	netwire
behavioral1/memory/4272-348-0x0000000000400000-0x0000000000433000-memory.dmp	netwire
behavioral1/memory/4692-732-0x000000000040242D-mapping.dmp	netwire
behavioral1/memory/4692-816-0x0000000000400000-0x0000000000433000-memory.dmp	netwire

Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
botnet stealer netwire
Executes dropped EXE 3 IoCs

Processes:

Host.exeHost.exeHost.exe

pid process

4732 Host.exe
4272 Host.exe
4692 Host.exe

pid	process
4732	Host.exe
4272	Host.exe
4692	Host.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exeHost.exe

description	pid	process	target process
PID 4772 set thread context of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4732 set thread context of 4692	4732	Host.exe	Host.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exe

pid process

928 schtasks.exe
4348 schtasks.exe

pid	process
928	schtasks.exe
4348	schtasks.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exepowershell.exeHost.exepowershell.exe

pid	process
4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
3256	powershell.exe
3256	powershell.exe
3256	powershell.exe
4732	Host.exe
4732	Host.exe
4732	Host.exe
4732	Host.exe
4116	powershell.exe
4116	powershell.exe
4116	powershell.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exepowershell.exeHost.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
Token: SeDebugPrivilege	3256	powershell.exe
Token: SeDebugPrivilege	4732	Host.exe
Token: SeDebugPrivilege	4116	powershell.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exeHost.exe

description	pid	process	target process
PID 4772 wrote to memory of 3256	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	powershell.exe
PID 4772 wrote to memory of 3256	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	powershell.exe
PID 4772 wrote to memory of 3256	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	powershell.exe
PID 4772 wrote to memory of 4348	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	schtasks.exe
PID 4772 wrote to memory of 4348	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	schtasks.exe
PID 4772 wrote to memory of 4348	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	schtasks.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4772 wrote to memory of 4272	4772	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
PID 4272 wrote to memory of 4732	4272	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	Host.exe
PID 4272 wrote to memory of 4732	4272	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	Host.exe
PID 4272 wrote to memory of 4732	4272	30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe	Host.exe
PID 4732 wrote to memory of 4116	4732	Host.exe	powershell.exe
PID 4732 wrote to memory of 4116	4732	Host.exe	powershell.exe
PID 4732 wrote to memory of 4116	4732	Host.exe	powershell.exe
PID 4732 wrote to memory of 928	4732	Host.exe	schtasks.exe
PID 4732 wrote to memory of 928	4732	Host.exe	schtasks.exe
PID 4732 wrote to memory of 928	4732	Host.exe	schtasks.exe
PID 4732 wrote to memory of 4272	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4272	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4272	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe
PID 4732 wrote to memory of 4692	4732	Host.exe	Host.exe

C:\Users\Admin\AppData\Local\Temp\30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
"C:\Users\Admin\AppData\Local\Temp\30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4772

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\fBPIygOi.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3256

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fBPIygOi" /XML "C:\Users\Admin\AppData\Local\Temp\tmpED00.tmp"
2⤵
- Creates scheduled task(s)
PID:4348

C:\Users\Admin\AppData\Local\Temp\30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe
"C:\Users\Admin\AppData\Local\Temp\30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:4272

C:\Users\Admin\AppData\Roaming\Install\Host.exe
"C:\Users\Admin\AppData\Roaming\Install\Host.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4732

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\fBPIygOi.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4116

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fBPIygOi" /XML "C:\Users\Admin\AppData\Local\Temp\tmpBA52.tmp"
4⤵
- Creates scheduled task(s)
PID:928

C:\Users\Admin\AppData\Roaming\Install\Host.exe
"C:\Users\Admin\AppData\Roaming\Install\Host.exe"
4⤵
- Executes dropped EXE
PID:4272

C:\Users\Admin\AppData\Roaming\Install\Host.exe
"C:\Users\Admin\AppData\Roaming\Install\Host.exe"
4⤵
- Executes dropped EXE
PID:4692

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
db01a2c1c7e70b2b038edf8ad5ad9826

SHA1
540217c647a73bad8d8a79e3a0f3998b5abd199b

SHA256
413da361d77055dae7007f82b58b366c8783aa72e0b8fbe41519b940c253b38d

SHA512
c76ff57fcee5cdf9fdf3116d4e1dc0cf106867bf19ab474b763e242acf5dca9a7509cb837c35e130c3e056636b4e8a4e135512a978bcd3dd641e20f5bf76c3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
18KB

MD5
406d4b80400cf42c795bd5cef518c8d0

SHA1
dd697ef08a5fe9dd93c9b950ff5623508a0d8e43

SHA256
a56f8a84986c8dfdcd0a507783146ea17316dc3e8ac63e9659c0b9d6d4ab24c1

SHA512
06ec4cdce293b00acb78a8eeecaa1768fa0bfc45b1b22ab561324d23b66f6773597402549f67ee290218919bb4471128317865e7b7263d0923aa73b8e13c8128

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBA52.tmp
Filesize
1KB

MD5
7e794ffcd12427481d0b8019a837bd52

SHA1
8d0edd7a399d214239d21fdbe09a0c45cdfe5d47

SHA256
7aa19d3b05c31234d3dbc284a5e3371a6c61e1b03e071e38e17d7458aa250d8d

SHA512
147eb7f9e05db6c3cd58de004b6e7f8ddf9ca3f6ceb6c90ea0301a16a8095d483ad1af3bc3478d8a04e1d2a2436d0ddfc59090fcb48792a2af75e1d6bf3e92b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpED00.tmp
Filesize
1KB

MD5
7e794ffcd12427481d0b8019a837bd52

SHA1
8d0edd7a399d214239d21fdbe09a0c45cdfe5d47

SHA256
7aa19d3b05c31234d3dbc284a5e3371a6c61e1b03e071e38e17d7458aa250d8d

SHA512
147eb7f9e05db6c3cd58de004b6e7f8ddf9ca3f6ceb6c90ea0301a16a8095d483ad1af3bc3478d8a04e1d2a2436d0ddfc59090fcb48792a2af75e1d6bf3e92b3

Download Submit
C:\Users\Admin\AppData\Roaming\Install\Host.exe
Filesize
749KB

MD5
91f5a7d8b8ba508f8e6999e7ddb8e902

SHA1
3aae5bd6075319c5ff54279c3d5ebfd9ec8d4c59

SHA256
30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155

SHA512
0391ee953d85455365c110a537ddcdb40d9060ba630329f6c10eb012e78af2d16426367c496a013fdca00d01b2c044768bca6a7a7e9002caaa8d95cbb950da27

Download Submit
C:\Users\Admin\AppData\Roaming\Install\Host.exe
Filesize
749KB

MD5
91f5a7d8b8ba508f8e6999e7ddb8e902

SHA1
3aae5bd6075319c5ff54279c3d5ebfd9ec8d4c59

SHA256
30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155

SHA512
0391ee953d85455365c110a537ddcdb40d9060ba630329f6c10eb012e78af2d16426367c496a013fdca00d01b2c044768bca6a7a7e9002caaa8d95cbb950da27

Download Submit
C:\Users\Admin\AppData\Roaming\Install\Host.exe
Filesize
749KB

MD5
91f5a7d8b8ba508f8e6999e7ddb8e902

SHA1
3aae5bd6075319c5ff54279c3d5ebfd9ec8d4c59

SHA256
30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155

SHA512
0391ee953d85455365c110a537ddcdb40d9060ba630329f6c10eb012e78af2d16426367c496a013fdca00d01b2c044768bca6a7a7e9002caaa8d95cbb950da27

Download Submit
C:\Users\Admin\AppData\Roaming\Install\Host.exe
Filesize
749KB

MD5
91f5a7d8b8ba508f8e6999e7ddb8e902

SHA1
3aae5bd6075319c5ff54279c3d5ebfd9ec8d4c59

SHA256
30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155

SHA512
0391ee953d85455365c110a537ddcdb40d9060ba630329f6c10eb012e78af2d16426367c496a013fdca00d01b2c044768bca6a7a7e9002caaa8d95cbb950da27

Download Submit
memory/928-681-0x0000000000000000-mapping.dmp

Download
memory/3256-650-0x0000000009530000-0x000000000954A000-memory.dmp

Filesize
104KB

Download
memory/3256-433-0x0000000009150000-0x0000000009183000-memory.dmp

Filesize
204KB

Download
memory/3256-341-0x0000000007BA0000-0x0000000007EF0000-memory.dmp

Filesize
3.3MB

Download
memory/3256-332-0x0000000007190000-0x00000000071B2000-memory.dmp

Filesize
136KB

Download
memory/3256-655-0x0000000009130000-0x0000000009138000-memory.dmp

Filesize
32KB

Download
memory/3256-337-0x00000000078C0000-0x0000000007926000-memory.dmp

Filesize
408KB

Download
memory/3256-447-0x0000000009620000-0x00000000096B4000-memory.dmp

Filesize
592KB

Download
memory/3256-443-0x0000000009280000-0x0000000009325000-memory.dmp

Filesize
660KB

Download
memory/3256-434-0x0000000009020000-0x000000000903E000-memory.dmp

Filesize
120KB

Download
memory/3256-264-0x0000000006AC0000-0x0000000006AF6000-memory.dmp

Filesize
216KB

Download
memory/3256-281-0x0000000007220000-0x0000000007848000-memory.dmp

Filesize
6.2MB

Download
memory/3256-391-0x00000000082B0000-0x0000000008326000-memory.dmp

Filesize
472KB

Download
memory/3256-371-0x0000000008020000-0x000000000806B000-memory.dmp

Filesize
300KB

Download
memory/3256-363-0x00000000079E0000-0x00000000079FC000-memory.dmp

Filesize
112KB

Download
memory/3256-209-0x0000000000000000-mapping.dmp

Download
memory/4116-809-0x00000000082A0000-0x00000000082EB000-memory.dmp

Filesize
300KB

Download
memory/4116-799-0x0000000007AE0000-0x0000000007E30000-memory.dmp

Filesize
3.3MB

Download
memory/4116-841-0x0000000009580000-0x0000000009625000-memory.dmp

Filesize
660KB

Download
memory/4116-679-0x0000000000000000-mapping.dmp

Download
memory/4272-348-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4272-271-0x000000000040242D-mapping.dmp

Download
memory/4348-213-0x0000000000000000-mapping.dmp

Download
memory/4692-732-0x000000000040242D-mapping.dmp

Download
memory/4692-816-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4732-345-0x0000000000000000-mapping.dmp

Download
memory/4732-426-0x0000000005A30000-0x0000000005A46000-memory.dmp

Filesize
88KB

Download
memory/4772-154-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-201-0x000000000B600000-0x000000000B69C000-memory.dmp

Filesize
624KB

Download
memory/4772-164-0x0000000005610000-0x0000000005B0E000-memory.dmp

Filesize
5.0MB

Download
memory/4772-165-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-166-0x0000000005000000-0x0000000005092000-memory.dmp

Filesize
584KB

Download
memory/4772-167-0x00000000051B0000-0x0000000005500000-memory.dmp

Filesize
3.3MB

Download
memory/4772-168-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-169-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-170-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-171-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-172-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-173-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-174-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-175-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-176-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-177-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-178-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-179-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-180-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-181-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-182-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-183-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-184-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-185-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-186-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-187-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-188-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-189-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-190-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-191-0x00000000055F0000-0x00000000055FA000-memory.dmp

Filesize
40KB

Download
memory/4772-192-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-193-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-194-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-195-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-197-0x0000000005C90000-0x0000000005CA6000-memory.dmp

Filesize
88KB

Download
memory/4772-198-0x0000000005CC0000-0x0000000005CCA000-memory.dmp

Filesize
40KB

Download
memory/4772-200-0x000000000B4D0000-0x000000000B54C000-memory.dmp

Filesize
496KB

Download
memory/4772-163-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-203-0x000000000B960000-0x000000000B9C6000-memory.dmp

Filesize
408KB

Download
memory/4772-162-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-161-0x0000000000700000-0x00000000007C2000-memory.dmp

Filesize
776KB

Download
memory/4772-160-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-159-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-266-0x000000000B6A0000-0x000000000B6CE000-memory.dmp

Filesize
184KB

Download
memory/4772-158-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-157-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-156-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-155-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-127-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-153-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-152-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-151-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-150-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-149-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-148-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-147-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-146-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-145-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-144-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-143-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-142-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-141-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-140-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-139-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-138-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-137-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-136-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-135-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-134-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-133-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-132-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-131-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-130-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-129-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download
memory/4772-128-0x0000000077180000-0x000000007730E000-memory.dmp

Filesize
1.6MB

Download