Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05-10-2022 23:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f2205ec9f11bfba6d97ac92fd3b960a5697e27d867a74c3d7ba47d2a338e64c.exe

  • Size

    146KB

  • MD5

    3054e51f328957b83a472c3fb5ca02e4

  • SHA1

    a592671a0792c56b46b14193c21722e34871a4e9

  • SHA256

    1f2205ec9f11bfba6d97ac92fd3b960a5697e27d867a74c3d7ba47d2a338e64c

  • SHA512

    d5129204fe6739dfe56e3150728f62c56768ed3d3d8efa6a1bc85e5cd138dc3ea405114baaa0546b1cf44516923c1639e3834d7cff7dc0422bddce196a161bb8

  • SSDEEP

    3072:eYJv+XW9hfTdCohCaVE88na+wYka1QgwrO:B5YeEypVEFgYka+gY

Score
10/10
smokeloadervidar1681backdoordiscoveryspywarestealertrojanupx

Malware Config

Extracted

Family

vidar

Version

54.9

Botnet

1681

C2

https://t.me/larsenup

https://ioc.exchange/@zebra54
Attributes
  • profile_id

    1681

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses 2FA software files, possible credential harvesting 2 TTPs
    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of WriteProcessMemory 62 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f2205ec9f11bfba6d97ac92fd3b960a5697e27d867a74c3d7ba47d2a338e64c.exe
    "C:\Users\Admin\AppData\Local\Temp\1f2205ec9f11bfba6d97ac92fd3b960a5697e27d867a74c3d7ba47d2a338e64c.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2972
  • C:\Users\Admin\AppData\Local\Temp\229B.exe
    C:\Users\Admin\AppData\Local\Temp\229B.exe
    1⤵
    • Executes dropped EXE
    PID:2008
  • C:\Users\Admin\AppData\Local\Temp\2BC4.exe
    C:\Users\Admin\AppData\Local\Temp\2BC4.exe
    1⤵
    • Executes dropped EXE
    PID:4560
  • C:\Users\Admin\AppData\Local\Temp\39EE.exe
    C:\Users\Admin\AppData\Local\Temp\39EE.exe
    1⤵
    • Executes dropped EXE
    PID:1296
  • C:\Users\Admin\AppData\Local\Temp\570C.exe
    C:\Users\Admin\AppData\Local\Temp\570C.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\ProgramData\28064558923526733490.exe
      "C:\ProgramData\28064558923526733490.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3264
      • C:\Windows\system32\cmd.exe
        cmd.exe /c "del C:\ProgramData\28064558923526733490.exe"
        3⤵
          PID:3724
      • C:\ProgramData\76110539669722375999.exe
        "C:\ProgramData\76110539669722375999.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3184
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell "" "Get-WmiObject Win32_PortConnector"
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3348
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" ȁs'ûÔ/c taskkill /im 570C.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\570C.exe" & del C:\PrograData\*.dll & exit
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4772
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /im 570C.exe /f
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:632
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 6
          3⤵
          • Delays execution with timeout.exe
          PID:220
    • C:\Windows\SysWOW64\explorer.exe
      C:\Windows\SysWOW64\explorer.exe
      1⤵
        PID:4260
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe
        1⤵
          PID:4000
        • C:\Windows\SysWOW64\explorer.exe
          C:\Windows\SysWOW64\explorer.exe
          1⤵
            PID:3800
          • C:\Windows\explorer.exe
            C:\Windows\explorer.exe
            1⤵
              PID:4752
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:1984
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:2332
                • C:\Windows\SysWOW64\explorer.exe
                  C:\Windows\SysWOW64\explorer.exe
                  1⤵
                    PID:4744
                  • C:\Windows\explorer.exe
                    C:\Windows\explorer.exe
                    1⤵
                      PID:1668
                    • C:\Windows\SysWOW64\explorer.exe
                      C:\Windows\SysWOW64\explorer.exe
                      1⤵
                        PID:3636

                      Network

                      MITRE ATT&CK Matrix ATT&CK v6

                      Initial Access

                      Execution

                      Persistence

                      Privilege Escalation

                      Defense Evasion

                      Credential Access

                      Credentials in Files

                      3
                      T1081

                      Discovery

                      Query Registry

                      3
                      T1012

                      System Information Discovery

                      3
                      T1082

                      Peripheral Device Discovery

                      1
                      T1120

                      Lateral Movement

                      Collection

                      Data from Local System

                      3
                      T1005

                      Exfiltration

                      Command and Control

                      Web Service

                      1
                      T1102

                      Impact

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\ProgramData\28064558923526733490.exe
                        Filesize

                        7.5MB

                        MD5

                        a94454236aa9ec0839399191875fdbf3

                        SHA1

                        1bde5be455f396f19917e381ce9050facc7c754c

                        SHA256

                        bcce8e51552e7810d696f563d345db9d123dc3d15061bfdc8037e17cf8b15977

                        SHA512

                        15d216fc37772d9049ef54dc926dbecf2a051192314b040ceb85d944affe463694caba2e9806e96b5cf7b637655fb4949de8d638023811a2e5dea46466691b8b

                        Download Submit
                      • C:\ProgramData\28064558923526733490.exe
                        Filesize

                        7.5MB

                        MD5

                        a94454236aa9ec0839399191875fdbf3

                        SHA1

                        1bde5be455f396f19917e381ce9050facc7c754c

                        SHA256

                        bcce8e51552e7810d696f563d345db9d123dc3d15061bfdc8037e17cf8b15977

                        SHA512

                        15d216fc37772d9049ef54dc926dbecf2a051192314b040ceb85d944affe463694caba2e9806e96b5cf7b637655fb4949de8d638023811a2e5dea46466691b8b

                        Download Submit
                      • C:\ProgramData\76110539669722375999.exe
                        Filesize

                        5.1MB

                        MD5

                        0113a17db679f5087ef528e875a7aac2

                        SHA1

                        f25e9f94188a06afca877b9e428afe638985ebbd

                        SHA256

                        e9b3446bced621816026f3bc07681a491c39edf1fe86c20d1e9feafd3a84c3c8

                        SHA512

                        9ad50760ae6d1507ac848ba25706718a9ceb2ccfcac4b0cf28b34e0a78d0206d131e4a0a4f1be53d4c413ef2f20ef2098c9b40cd69283037b0525636b136e89e

                        Download Submit
                      • C:\ProgramData\76110539669722375999.exe
                        Filesize

                        5.1MB

                        MD5

                        0113a17db679f5087ef528e875a7aac2

                        SHA1

                        f25e9f94188a06afca877b9e428afe638985ebbd

                        SHA256

                        e9b3446bced621816026f3bc07681a491c39edf1fe86c20d1e9feafd3a84c3c8

                        SHA512

                        9ad50760ae6d1507ac848ba25706718a9ceb2ccfcac4b0cf28b34e0a78d0206d131e4a0a4f1be53d4c413ef2f20ef2098c9b40cd69283037b0525636b136e89e

                        Download Submit
                      • C:\Users\Admin\AppData\Local\Temp\229B.exe
                        Filesize

                        316KB

                        MD5

                        27cdcc66310e8a239ef822684833efd2

                        SHA1

                        7f3e3055ba30047819094b0121b316d9364e2707

                        SHA256

                        07c94a43d67cc347c043105b104a8ccc57eb97f7ffe4f5114ea6c13dcf07aba2

                        SHA512

                        6b0e4811dba1fd6afab3a074da9a440bd318f5eb74ab48cb8d57913c410115e6811f51dc5f3bd04240821dcee84db772accf3af858ab0db18e6dcd9ef2de9a54

                        Download Submit
                      • C:\Users\Admin\AppData\Local\Temp\229B.exe
                        Filesize

                        316KB

                        MD5

                        27cdcc66310e8a239ef822684833efd2

                        SHA1

                        7f3e3055ba30047819094b0121b316d9364e2707

                        SHA256

                        07c94a43d67cc347c043105b104a8ccc57eb97f7ffe4f5114ea6c13dcf07aba2

                        SHA512

                        6b0e4811dba1fd6afab3a074da9a440bd318f5eb74ab48cb8d57913c410115e6811f51dc5f3bd04240821dcee84db772accf3af858ab0db18e6dcd9ef2de9a54

                        Download Submit
                      • C:\Users\Admin\AppData\Local\Temp\2BC4.exe
                        Filesize

                        363KB

                        MD5

                        e292a6cbeb112872c04796311b52ae30

                        SHA1

                        8ecefecab9231e42429a33256f5db84eff302948

                        SHA256

                        39c4fa10490d1f6e5f909786dee9ab0d8e8eb79bb04a9c541d2209224367ad16

                        SHA512

                        c506b3c796d99f8fb3e70d36596720bd1a6328a653c77769e20cbb358da122e576d72518508f63217e80985eb9abaa79abaa681312e9100445e391828029577e

                        Download Submit
                      • C:\Users\Admin\AppData\Local\Temp\2BC4.exe
                        Filesize

                        363KB

                        MD5

                        e292a6cbeb112872c04796311b52ae30

                        SHA1

                        8ecefecab9231e42429a33256f5db84eff302948

                        SHA256

                        39c4fa10490d1f6e5f909786dee9ab0d8e8eb79bb04a9c541d2209224367ad16

                        SHA512

                        c506b3c796d99f8fb3e70d36596720bd1a6328a653c77769e20cbb358da122e576d72518508f63217e80985eb9abaa79abaa681312e9100445e391828029577e

                        Download Submit
                      • C:\Users\Admin\AppData\Local\Temp\39EE.exe
                        Filesize

                        363KB

                        MD5

                        ad170ecbf3579649162c3cb67d398672

                        SHA1

                        838306ef60ae4286030be9b395c866abd0c8ff47

                        SHA256

                        5e924125ff6aeb76684f4fb7f578c6d9278b243ed18e9a9eff8b2b28045ec5a5

                        SHA512

                        83a5511b668f49d4361a4a9dd5c8944c6395504f8f31c3a0ab94a9ea1d75d4b17c72c433c53d73cd9dfbb641c34b2741ef15474bacc7c6728e889511ffafc185

                        Download Submit
                      • C:\Users\Admin\AppData\Local\Temp\39EE.exe
                        Filesize

                        363KB

                        MD5

                        ad170ecbf3579649162c3cb67d398672

                        SHA1

                        838306ef60ae4286030be9b395c866abd0c8ff47

                        SHA256

                        5e924125ff6aeb76684f4fb7f578c6d9278b243ed18e9a9eff8b2b28045ec5a5

                        SHA512

                        83a5511b668f49d4361a4a9dd5c8944c6395504f8f31c3a0ab94a9ea1d75d4b17c72c433c53d73cd9dfbb641c34b2741ef15474bacc7c6728e889511ffafc185

                        Download Submit
                      • C:\Users\Admin\AppData\Local\Temp\570C.exe
                        Filesize

                        6.3MB

                        MD5

                        46155f0e5175c41f21442e61298560f7

                        SHA1

                        ffd644c2e034229bd06d2e25e3565041ea9984b5

                        SHA256

                        ec5c095eb8718cc29c586765a7d779fbad1ab2ad21124bda2610200762f32130

                        SHA512

                        b078a49defb9b3cea7954cb69a839c17d39ff064573ed79bd8404550d3c0644dfba1da6ba65d7c396443939dd5ae67523985f16c7ba967895623f99a3ef16f71

                        Download Submit
                      • C:\Users\Admin\AppData\Local\Temp\570C.exe
                        Filesize

                        6.3MB

                        MD5

                        46155f0e5175c41f21442e61298560f7

                        SHA1

                        ffd644c2e034229bd06d2e25e3565041ea9984b5

                        SHA256

                        ec5c095eb8718cc29c586765a7d779fbad1ab2ad21124bda2610200762f32130

                        SHA512

                        b078a49defb9b3cea7954cb69a839c17d39ff064573ed79bd8404550d3c0644dfba1da6ba65d7c396443939dd5ae67523985f16c7ba967895623f99a3ef16f71

                        Download Submit
                      • \ProgramData\mozglue.dll
                        Filesize

                        593KB

                        MD5

                        c8fd9be83bc728cc04beffafc2907fe9

                        SHA1

                        95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                        SHA256

                        ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                        SHA512

                        fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                        Download Submit
                      • \ProgramData\nss3.dll
                        Filesize

                        2.0MB

                        MD5

                        1cc453cdf74f31e4d913ff9c10acdde2

                        SHA1

                        6e85eae544d6e965f15fa5c39700fa7202f3aafe

                        SHA256

                        ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                        SHA512

                        dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                        Download Submit
                      • memory/220-764-0x0000000000000000-mapping.dmp
                        Download
                      • memory/632-721-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1296-203-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1668-603-0x0000000001280000-0x0000000001287000-memory.dmp
                        Filesize

                        28KB

                        Download
                      • memory/1668-561-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1668-605-0x0000000000FF0000-0x0000000000FFD000-memory.dmp
                        Filesize

                        52KB

                        Download
                      • memory/1668-788-0x0000000001280000-0x0000000001287000-memory.dmp
                        Filesize

                        28KB

                        Download
                      • memory/1984-480-0x0000000000A10000-0x0000000000A37000-memory.dmp
                        Filesize

                        156KB

                        Download
                      • memory/1984-479-0x0000000000A40000-0x0000000000A62000-memory.dmp
                        Filesize

                        136KB

                        Download
                      • memory/1984-420-0x0000000000000000-mapping.dmp
                        Download
                      • memory/1984-712-0x0000000000A40000-0x0000000000A62000-memory.dmp
                        Filesize

                        136KB

                        Download
                      • memory/2008-170-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-162-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-168-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-178-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-177-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-176-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-175-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-174-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-173-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-172-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-171-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-169-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-155-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2008-167-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-157-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-158-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-159-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-160-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-161-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-166-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-165-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2008-164-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2332-787-0x00000000006A0000-0x00000000006A5000-memory.dmp
                        Filesize

                        20KB

                        Download
                      • memory/2332-481-0x0000000000000000-mapping.dmp
                        Download
                      • memory/2332-607-0x0000000000690000-0x0000000000699000-memory.dmp
                        Filesize

                        36KB

                        Download
                      • memory/2332-602-0x00000000006A0000-0x00000000006A5000-memory.dmp
                        Filesize

                        20KB

                        Download
                      • memory/2972-153-0x0000000000400000-0x0000000000580000-memory.dmp
                        Filesize

                        1.5MB

                        Download
                      • memory/2972-122-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-151-0x000000000083A000-0x000000000084A000-memory.dmp
                        Filesize

                        64KB

                        Download
                      • memory/2972-118-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-152-0x00000000006E0000-0x00000000006E9000-memory.dmp
                        Filesize

                        36KB

                        Download
                      • memory/2972-149-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-150-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-141-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-143-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-146-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-137-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-147-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-129-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-128-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-130-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-136-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-131-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-119-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-148-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-120-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-121-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-138-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-132-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-145-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-144-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-142-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-133-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-140-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-139-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-135-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-123-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-134-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-124-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-126-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-127-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/2972-154-0x0000000000400000-0x0000000000580000-memory.dmp
                        Filesize

                        1.5MB

                        Download
                      • memory/2972-125-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/3184-709-0x0000000000000000-mapping.dmp
                        Download
                      • memory/3184-713-0x00000000003C0000-0x0000000001685000-memory.dmp
                        Filesize

                        18.8MB

                        Download
                      • memory/3184-791-0x00000000003C0000-0x0000000001685000-memory.dmp
                        Filesize

                        18.8MB

                        Download
                      • memory/3184-809-0x00000000003C0000-0x0000000001685000-memory.dmp
                        Filesize

                        18.8MB

                        Download
                      • memory/3264-703-0x0000000000000000-mapping.dmp
                        Download
                      • memory/3348-797-0x000001E8EC860000-0x000001E8EC882000-memory.dmp
                        Filesize

                        136KB

                        Download
                      • memory/3348-792-0x0000000000000000-mapping.dmp
                        Download
                      • memory/3348-801-0x000001E8ED3B0000-0x000001E8ED426000-memory.dmp
                        Filesize

                        472KB

                        Download
                      • memory/3636-690-0x00000000030D0000-0x00000000030D8000-memory.dmp
                        Filesize

                        32KB

                        Download
                      • memory/3636-691-0x00000000030C0000-0x00000000030CB000-memory.dmp
                        Filesize

                        44KB

                        Download
                      • memory/3636-613-0x0000000000000000-mapping.dmp
                        Download
                      • memory/3636-790-0x00000000030D0000-0x00000000030D8000-memory.dmp
                        Filesize

                        32KB

                        Download
                      • memory/3644-696-0x0000000000400000-0x0000000000A5A000-memory.dmp
                        Filesize

                        6.4MB

                        Download
                      • memory/3644-300-0x0000000000400000-0x0000000000A5A000-memory.dmp
                        Filesize

                        6.4MB

                        Download
                      • memory/3644-227-0x0000000000000000-mapping.dmp
                        Download
                      • memory/3644-717-0x0000000000400000-0x0000000000A5A000-memory.dmp
                        Filesize

                        6.4MB

                        Download
                      • memory/3724-706-0x0000000000000000-mapping.dmp
                        Download
                      • memory/3800-708-0x0000000003130000-0x0000000003135000-memory.dmp
                        Filesize

                        20KB

                        Download
                      • memory/3800-419-0x0000000003120000-0x0000000003129000-memory.dmp
                        Filesize

                        36KB

                        Download
                      • memory/3800-418-0x0000000003130000-0x0000000003135000-memory.dmp
                        Filesize

                        20KB

                        Download
                      • memory/3800-316-0x0000000000000000-mapping.dmp
                        Download
                      • memory/4000-282-0x0000000000000000-mapping.dmp
                        Download
                      • memory/4000-697-0x00000000003E0000-0x00000000003E9000-memory.dmp
                        Filesize

                        36KB

                        Download
                      • memory/4000-303-0x00000000003E0000-0x00000000003E9000-memory.dmp
                        Filesize

                        36KB

                        Download
                      • memory/4000-305-0x00000000003D0000-0x00000000003DF000-memory.dmp
                        Filesize

                        60KB

                        Download
                      • memory/4260-242-0x0000000000000000-mapping.dmp
                        Download
                      • memory/4260-415-0x0000000000BC0000-0x0000000000BCB000-memory.dmp
                        Filesize

                        44KB

                        Download
                      • memory/4260-351-0x0000000000BD0000-0x0000000000BD7000-memory.dmp
                        Filesize

                        28KB

                        Download
                      • memory/4560-189-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-188-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-179-0x0000000000000000-mapping.dmp
                        Download
                      • memory/4560-181-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-182-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-183-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-184-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-185-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-191-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-190-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4560-186-0x0000000077220000-0x00000000773AE000-memory.dmp
                        Filesize

                        1.6MB

                        Download
                      • memory/4744-652-0x0000000003050000-0x000000000305B000-memory.dmp
                        Filesize

                        44KB

                        Download
                      • memory/4744-521-0x0000000000000000-mapping.dmp
                        Download
                      • memory/4744-789-0x0000000003060000-0x0000000003066000-memory.dmp
                        Filesize

                        24KB

                        Download
                      • memory/4744-650-0x0000000003060000-0x0000000003066000-memory.dmp
                        Filesize

                        24KB

                        Download
                      • memory/4752-707-0x0000000000A00000-0x0000000000A06000-memory.dmp
                        Filesize

                        24KB

                        Download
                      • memory/4752-417-0x00000000007F0000-0x00000000007FC000-memory.dmp
                        Filesize

                        48KB

                        Download
                      • memory/4752-416-0x0000000000A00000-0x0000000000A06000-memory.dmp
                        Filesize

                        24KB

                        Download
                      • memory/4752-359-0x0000000000000000-mapping.dmp
                        Download
                      • memory/4772-714-0x0000000000000000-mapping.dmp
                        Download