Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-09-2022 18:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a97eefb81b0234328c6d859fdc1c1177d4850691d31162c8c5708e94a452138.exe

  • Size

    196KB

  • MD5

    04ddb9f876b3fa3956748135b50d7a9d

  • SHA1

    8b0fb4d161700a0a03d9d114d494a389848ee07b

  • SHA256

    2a97eefb81b0234328c6d859fdc1c1177d4850691d31162c8c5708e94a452138

  • SHA512

    26dae3f269045d55d75ffb0a2d9fd6697e1d32d1483f61eff714dfa19ed1257b960d0e840612456526a2f45eba87f747a4362ce4b39dbdcbde823a47a7578af5

  • SSDEEP

    3072:5Q0p5LweOX0VFA5YTp3jaZISZocXlzED2zgN81qH0KzBkS/PkkXx:dLw+Vx3GJWD2AVH0

Score
10/10
redlinesmokeloadertofseexmriglogsdiller cloud (tg: @me_golds)backdoorevasioninfostealerminerpersistencespywaretrojan

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @me_golds)

C2

77.73.134.27:7161

Attributes
  • auth_value

    e136da06c7c0400f4091dab1787720ea

Signatures

  • Detects Smokeloader packer 1 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee
  • Windows security bypass 2 TTPs 1 IoCs
    evasiontrojan
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 1 IoCs
    miner
  • Creates new service(s) 1 TTPs
    persistence
  • Downloads MZ/PE file
  • Executes dropped EXE 5 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a97eefb81b0234328c6d859fdc1c1177d4850691d31162c8c5708e94a452138.exe
    "C:\Users\Admin\AppData\Local\Temp\2a97eefb81b0234328c6d859fdc1c1177d4850691d31162c8c5708e94a452138.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3512
  • C:\Users\Admin\AppData\Local\Temp\E534.exe
    C:\Users\Admin\AppData\Local\Temp\E534.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3320
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:100604
  • C:\Users\Admin\AppData\Local\Temp\EB50.exe
    C:\Users\Admin\AppData\Local\Temp\EB50.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\zyzcfyst\
      2⤵
        PID:101240
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\fwqqbigz.exe" C:\Windows\SysWOW64\zyzcfyst\
        2⤵
          PID:4104
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" create zyzcfyst binPath= "C:\Windows\SysWOW64\zyzcfyst\fwqqbigz.exe /d\"C:\Users\Admin\AppData\Local\Temp\EB50.exe\"" type= own start= auto DisplayName= "wifi support"
          2⤵
          • Launches sc.exe
          PID:3336
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" description zyzcfyst "wifi internet conection"
          2⤵
          • Launches sc.exe
          PID:3444
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" start zyzcfyst
          2⤵
          • Launches sc.exe
          PID:4116
        • C:\Windows\SysWOW64\netsh.exe
          "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
          2⤵
          • Modifies Windows Firewall
          PID:3888
      • C:\Users\Admin\AppData\Local\Temp\F7C4.exe
        C:\Users\Admin\AppData\Local\Temp\F7C4.exe
        1⤵
        • Executes dropped EXE
        PID:100664
      • C:\Users\Admin\AppData\Local\Temp\FD63.exe
        C:\Users\Admin\AppData\Local\Temp\FD63.exe
        1⤵
        • Executes dropped EXE
        PID:100980
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:101224
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:4248
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:3616
            • C:\Windows\explorer.exe
              C:\Windows\explorer.exe
              1⤵
                PID:4184
              • C:\Windows\SysWOW64\zyzcfyst\fwqqbigz.exe
                C:\Windows\SysWOW64\zyzcfyst\fwqqbigz.exe /d"C:\Users\Admin\AppData\Local\Temp\EB50.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                PID:4988
                • C:\Windows\SysWOW64\svchost.exe
                  svchost.exe
                  2⤵
                  • Windows security bypass
                  • Sets service image path in registry
                  • Drops file in System32 directory
                  • Suspicious use of SetThreadContext
                  • Modifies data under HKEY_USERS
                  PID:5440
                  • C:\Windows\SysWOW64\svchost.exe
                    svchost.exe -o fastpool.xyz:10060 -u 9mLwUkiK8Yp89zQQYodWKN29jVVVz1cWDFZctWxge16Zi3TpHnSBnnVcCDhSRXdesnMBdVjtDwh1N71KD9z37EzgKSM1tmS.60000 -p x -k -a cn/half
                    3⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:8384
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:4708
                • C:\Windows\SysWOW64\explorer.exe
                  C:\Windows\SysWOW64\explorer.exe
                  1⤵
                    PID:1136
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:2284
                    • C:\Windows\explorer.exe
                      C:\Windows\explorer.exe
                      1⤵
                        PID:5024
                      • C:\Windows\SysWOW64\explorer.exe
                        C:\Windows\SysWOW64\explorer.exe
                        1⤵
                          PID:4128

                        Network

                        MITRE ATT&CK Matrix ATT&CK v6

                        Initial Access

                        Execution

                        Persistence

                        New Service

                        1
                        T1050

                        Modify Existing Service

                        1
                        T1031

                        Registry Run Keys / Startup Folder

                        1
                        T1060

                        Privilege Escalation

                        New Service

                        1
                        T1050

                        Defense Evasion

                        Disabling Security Tools

                        1
                        T1089

                        Modify Registry

                        2
                        T1112

                        Credential Access

                        Credentials in Files

                        1
                        T1081

                        Discovery

                        System Information Discovery

                        2
                        T1082

                        Query Registry

                        1
                        T1012

                        Peripheral Device Discovery

                        1
                        T1120

                        Lateral Movement

                        Collection

                        Data from Local System

                        1
                        T1005

                        Exfiltration

                        Command and Control

                        Impact

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Temp\E534.exe
                          Filesize

                          2.6MB

                          MD5

                          ea6fee4ce432602e3dd2b849f8396027

                          SHA1

                          5151b46012f637fe7fdbda551be1651009eb453a

                          SHA256

                          b44181d7365ab6868e1cf0d7127a56862075944099f6f1f965b11f41c78fd75d

                          SHA512

                          b567449c006248a4311a1a3325279e2d4edfacacb272ae3152b085d3164e722370aa748cbaa3299425ede1e4910218988e88f24de744944903b2001b70e263be

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\E534.exe
                          Filesize

                          2.6MB

                          MD5

                          ea6fee4ce432602e3dd2b849f8396027

                          SHA1

                          5151b46012f637fe7fdbda551be1651009eb453a

                          SHA256

                          b44181d7365ab6868e1cf0d7127a56862075944099f6f1f965b11f41c78fd75d

                          SHA512

                          b567449c006248a4311a1a3325279e2d4edfacacb272ae3152b085d3164e722370aa748cbaa3299425ede1e4910218988e88f24de744944903b2001b70e263be

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\EB50.exe
                          Filesize

                          196KB

                          MD5

                          f2ba75620016d62bb48c60d1819e0f80

                          SHA1

                          5b061ef59038833062447a1a687a2eb12e3342c3

                          SHA256

                          20af9e1c402a9dc6ccc0fa68abfdd7f44b17824c9df1c03a83b55d97019a3a67

                          SHA512

                          c0b0179ffe6c51025c237c57a85f3b1d3510ab90265c6a75bd5fda07e1b8b2cbfdbb93e5567ff4aab32909600506906f96146a73ae673716d1cfb76d4c2f4dcf

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\EB50.exe
                          Filesize

                          196KB

                          MD5

                          f2ba75620016d62bb48c60d1819e0f80

                          SHA1

                          5b061ef59038833062447a1a687a2eb12e3342c3

                          SHA256

                          20af9e1c402a9dc6ccc0fa68abfdd7f44b17824c9df1c03a83b55d97019a3a67

                          SHA512

                          c0b0179ffe6c51025c237c57a85f3b1d3510ab90265c6a75bd5fda07e1b8b2cbfdbb93e5567ff4aab32909600506906f96146a73ae673716d1cfb76d4c2f4dcf

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\F7C4.exe
                          Filesize

                          318KB

                          MD5

                          4ffcce262042ceee41c633ce868ea9df

                          SHA1

                          df23872ca234b8e6a12525e7b8ebbcd413e1c38c

                          SHA256

                          232f3d3b9c18dc2fe241f020f1c038ccfea84df128dc17e22a09f13d172f22b7

                          SHA512

                          1651afab08f7551fa1bde93dec655122667d777cef4ca1e999a278a2e41f382532c288faf99713f39ba1f313c98a11d3d937413c82ac69773ad13dd161c44906

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\F7C4.exe
                          Filesize

                          318KB

                          MD5

                          4ffcce262042ceee41c633ce868ea9df

                          SHA1

                          df23872ca234b8e6a12525e7b8ebbcd413e1c38c

                          SHA256

                          232f3d3b9c18dc2fe241f020f1c038ccfea84df128dc17e22a09f13d172f22b7

                          SHA512

                          1651afab08f7551fa1bde93dec655122667d777cef4ca1e999a278a2e41f382532c288faf99713f39ba1f313c98a11d3d937413c82ac69773ad13dd161c44906

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\FD63.exe
                          Filesize

                          365KB

                          MD5

                          80b8df5cb10401d6d70433b4b92c813e

                          SHA1

                          0adcf1306e13def16549948b10710f257eead246

                          SHA256

                          47f8240868925144424daa64d60e34acd965fbf73aad16f35cb04ce9d31117d4

                          SHA512

                          f64f39bfd772b1e86d522ad0eab16439e6cd3bcf5635483975690debfe8b8f1dc710f766990db89a6cc0a6ef2b7ae5517e64c7ba3d1d146eeca43679326a6821

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\FD63.exe
                          Filesize

                          365KB

                          MD5

                          80b8df5cb10401d6d70433b4b92c813e

                          SHA1

                          0adcf1306e13def16549948b10710f257eead246

                          SHA256

                          47f8240868925144424daa64d60e34acd965fbf73aad16f35cb04ce9d31117d4

                          SHA512

                          f64f39bfd772b1e86d522ad0eab16439e6cd3bcf5635483975690debfe8b8f1dc710f766990db89a6cc0a6ef2b7ae5517e64c7ba3d1d146eeca43679326a6821

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\fwqqbigz.exe
                          Filesize

                          12.8MB

                          MD5

                          b24aba323bddc5c65ad9c7daa626546b

                          SHA1

                          330f1e81cb82845bf16a2fc8549ff5b0aef2aab7

                          SHA256

                          59b691eba6173e64301c85df990037893b6cefd541a78e80869386d37721a9ed

                          SHA512

                          aa5e4feab4b5bacc3bcdbeefffcf864a74515fe41b70f7315af69090afbabccf3d6e7d3730e3744e3095c72048cf158a4f2d945272506e97cfce7491e22175a7

                          Download Submit
                        • C:\Windows\SysWOW64\zyzcfyst\fwqqbigz.exe
                          Filesize

                          12.8MB

                          MD5

                          b24aba323bddc5c65ad9c7daa626546b

                          SHA1

                          330f1e81cb82845bf16a2fc8549ff5b0aef2aab7

                          SHA256

                          59b691eba6173e64301c85df990037893b6cefd541a78e80869386d37721a9ed

                          SHA512

                          aa5e4feab4b5bacc3bcdbeefffcf864a74515fe41b70f7315af69090afbabccf3d6e7d3730e3744e3095c72048cf158a4f2d945272506e97cfce7491e22175a7

                          Download Submit
                        • memory/1136-907-0x0000000002D80000-0x0000000002D89000-memory.dmp
                          Filesize

                          36KB

                          Download
                        • memory/1136-537-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1136-902-0x0000000002D90000-0x0000000002D95000-memory.dmp
                          Filesize

                          20KB

                          Download
                        • memory/1136-1406-0x0000000002D90000-0x0000000002D95000-memory.dmp
                          Filesize

                          20KB

                          Download
                        • memory/2284-957-0x0000000002DE0000-0x0000000002DEB000-memory.dmp
                          Filesize

                          44KB

                          Download
                        • memory/2284-913-0x0000000002DF0000-0x0000000002DF6000-memory.dmp
                          Filesize

                          24KB

                          Download
                        • memory/2284-578-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3320-158-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-166-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-156-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-155-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-171-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-175-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-170-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-169-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-167-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-153-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3320-165-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-164-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-163-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-161-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-160-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-159-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3320-157-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3336-363-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3444-386-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3512-151-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-128-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-133-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-134-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-150-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-149-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-116-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-148-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-147-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-146-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-132-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-145-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-144-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-143-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-142-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-139-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-141-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-140-0x0000000000400000-0x000000000058B000-memory.dmp
                          Filesize

                          1.5MB

                          Download
                        • memory/3512-117-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-138-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-118-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-119-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-131-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-137-0x00000000022A0000-0x00000000022A9000-memory.dmp
                          Filesize

                          36KB

                          Download
                        • memory/3512-129-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-152-0x0000000000400000-0x000000000058B000-memory.dmp
                          Filesize

                          1.5MB

                          Download
                        • memory/3512-127-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-126-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-125-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-120-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-124-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-121-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-122-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-135-0x0000000000590000-0x000000000063E000-memory.dmp
                          Filesize

                          696KB

                          Download
                        • memory/3512-136-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-123-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3512-115-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/3616-399-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3616-681-0x0000000002DF0000-0x0000000002DF9000-memory.dmp
                          Filesize

                          36KB

                          Download
                        • memory/3616-612-0x0000000003000000-0x0000000003005000-memory.dmp
                          Filesize

                          20KB

                          Download
                        • memory/3888-441-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4104-341-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4116-414-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4128-1408-0x0000000002F40000-0x0000000002F48000-memory.dmp
                          Filesize

                          32KB

                          Download
                        • memory/4128-671-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4128-1042-0x0000000002F30000-0x0000000002F3B000-memory.dmp
                          Filesize

                          44KB

                          Download
                        • memory/4128-1040-0x0000000002F40000-0x0000000002F48000-memory.dmp
                          Filesize

                          32KB

                          Download
                        • memory/4184-474-0x0000000000410000-0x0000000000416000-memory.dmp
                          Filesize

                          24KB

                          Download
                        • memory/4184-477-0x0000000000400000-0x000000000040C000-memory.dmp
                          Filesize

                          48KB

                          Download
                        • memory/4184-445-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4184-1036-0x0000000000410000-0x0000000000416000-memory.dmp
                          Filesize

                          24KB

                          Download
                        • memory/4248-385-0x0000000000820000-0x0000000000829000-memory.dmp
                          Filesize

                          36KB

                          Download
                        • memory/4248-357-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4248-897-0x0000000000820000-0x0000000000829000-memory.dmp
                          Filesize

                          36KB

                          Download
                        • memory/4248-390-0x0000000000810000-0x000000000081F000-memory.dmp
                          Filesize

                          60KB

                          Download
                        • memory/4604-182-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-452-0x00000000001D0000-0x00000000001E3000-memory.dmp
                          Filesize

                          76KB

                          Download
                        • memory/4604-205-0x0000000000756000-0x0000000000767000-memory.dmp
                          Filesize

                          68KB

                          Download
                        • memory/4604-180-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-173-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-176-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-261-0x0000000000400000-0x000000000058B000-memory.dmp
                          Filesize

                          1.5MB

                          Download
                        • memory/4604-189-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-174-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-187-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-186-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-177-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-449-0x0000000000756000-0x0000000000767000-memory.dmp
                          Filesize

                          68KB

                          Download
                        • memory/4604-458-0x0000000000400000-0x000000000058B000-memory.dmp
                          Filesize

                          1.5MB

                          Download
                        • memory/4604-185-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-184-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-183-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-168-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4604-188-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-208-0x00000000001D0000-0x00000000001E3000-memory.dmp
                          Filesize

                          76KB

                          Download
                        • memory/4604-179-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4604-178-0x0000000077BE0000-0x0000000077D6E000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/4708-797-0x0000000000850000-0x0000000000872000-memory.dmp
                          Filesize

                          136KB

                          Download
                        • memory/4708-491-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4708-847-0x0000000000820000-0x0000000000847000-memory.dmp
                          Filesize

                          156KB

                          Download
                        • memory/4988-748-0x0000000000400000-0x000000000058B000-memory.dmp
                          Filesize

                          1.5MB

                          Download
                        • memory/4988-632-0x0000000000590000-0x00000000006DA000-memory.dmp
                          Filesize

                          1.3MB

                          Download
                        • memory/4988-621-0x00000000008D1000-0x00000000008E1000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/4988-790-0x0000000000400000-0x000000000058B000-memory.dmp
                          Filesize

                          1.5MB

                          Download
                        • memory/4988-783-0x00000000008D1000-0x00000000008E1000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/5024-1150-0x0000000000900000-0x0000000000907000-memory.dmp
                          Filesize

                          28KB

                          Download
                        • memory/5024-689-0x0000000000900000-0x0000000000907000-memory.dmp
                          Filesize

                          28KB

                          Download
                        • memory/5024-697-0x00000000008F0000-0x00000000008FD000-memory.dmp
                          Filesize

                          52KB

                          Download
                        • memory/5024-628-0x0000000000000000-mapping.dmp
                          Download
                        • memory/5440-762-0x00000000026E9A6B-mapping.dmp
                          Download
                        • memory/5440-1407-0x00000000026E0000-0x00000000026F5000-memory.dmp
                          Filesize

                          84KB

                          Download
                        • memory/5440-961-0x00000000026E0000-0x00000000026F5000-memory.dmp
                          Filesize

                          84KB

                          Download
                        • memory/8384-1443-0x0000000002A9259C-mapping.dmp
                          Download
                        • memory/100604-195-0x0000000000422186-mapping.dmp
                          Download
                        • memory/100604-361-0x0000000009650000-0x000000000968E000-memory.dmp
                          Filesize

                          248KB

                          Download
                        • memory/100604-837-0x000000000A610000-0x000000000A660000-memory.dmp
                          Filesize

                          320KB

                          Download
                        • memory/100604-808-0x000000000A570000-0x000000000A602000-memory.dmp
                          Filesize

                          584KB

                          Download
                        • memory/100604-645-0x00000000099C0000-0x0000000009A26000-memory.dmp
                          Filesize

                          408KB

                          Download
                        • memory/100604-611-0x000000000A690000-0x000000000AB8E000-memory.dmp
                          Filesize

                          5.0MB

                          Download
                        • memory/100604-906-0x000000000B4E0000-0x000000000BA0C000-memory.dmp
                          Filesize

                          5.2MB

                          Download
                        • memory/100604-901-0x000000000ADE0000-0x000000000AFA2000-memory.dmp
                          Filesize

                          1.8MB

                          Download
                        • memory/100604-278-0x0000000000400000-0x0000000000428000-memory.dmp
                          Filesize

                          160KB

                          Download
                        • memory/100604-348-0x00000000096C0000-0x00000000097CA000-memory.dmp
                          Filesize

                          1.0MB

                          Download
                        • memory/100604-371-0x00000000097D0000-0x000000000981B000-memory.dmp
                          Filesize

                          300KB

                          Download
                        • memory/100604-830-0x000000000AB90000-0x000000000AC06000-memory.dmp
                          Filesize

                          472KB

                          Download
                        • memory/100604-355-0x00000000095F0000-0x0000000009602000-memory.dmp
                          Filesize

                          72KB

                          Download
                        • memory/100604-345-0x0000000009B80000-0x000000000A186000-memory.dmp
                          Filesize

                          6.0MB

                          Download
                        • memory/100664-203-0x0000000000000000-mapping.dmp
                          Download
                        • memory/100980-268-0x0000000000000000-mapping.dmp
                          Download
                        • memory/101224-486-0x00000000030F0000-0x00000000030F7000-memory.dmp
                          Filesize

                          28KB

                          Download
                        • memory/101224-1039-0x00000000030F0000-0x00000000030F7000-memory.dmp
                          Filesize

                          28KB

                          Download
                        • memory/101224-310-0x0000000000000000-mapping.dmp
                          Download
                        • memory/101224-482-0x00000000030E0000-0x00000000030EB000-memory.dmp
                          Filesize

                          44KB

                          Download
                        • memory/101240-313-0x0000000000000000-mapping.dmp
                          Download