Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/11/2022, 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fe88d1a45fb7bd836dc1f0887521ace9cfb1be19b58581e6f8b62e50f933926.exe

  • Size

    211KB

  • MD5

    8675e28b0766f02949b6794b8710e332

  • SHA1

    364a453055fc729e5a82bc409d008e6dc4dc15b7

  • SHA256

    2fe88d1a45fb7bd836dc1f0887521ace9cfb1be19b58581e6f8b62e50f933926

  • SHA512

    fe52d49c255c4379c953e800756ae69398c7ff7401c89846e150c07729ac0fbca076d29c4cebeecd702efda2502e2ef18e2f30d54b806cc7cb12d2cb56534123

  • SSDEEP

    3072:ZZhZm5Tx9WsEsLiOuh6Dzj5OIxIzQs5TiA9j+FoxfN3x:ZZhIhDWsVL7uhpbz/5TiC+FoxV

Score
10/10
smokeloadersystembcbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

systembc

C2

89.248.165.79:443

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 49 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 19 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fe88d1a45fb7bd836dc1f0887521ace9cfb1be19b58581e6f8b62e50f933926.exe
    "C:\Users\Admin\AppData\Local\Temp\2fe88d1a45fb7bd836dc1f0887521ace9cfb1be19b58581e6f8b62e50f933926.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2140
  • C:\Users\Admin\AppData\Local\Temp\EDDF.exe
    C:\Users\Admin\AppData\Local\Temp\EDDF.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:2608
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 828
      2⤵
      • Program crash
      PID:2388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 828
      2⤵
      • Program crash
      PID:1008
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4944
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 956
      2⤵
      • Program crash
      PID:4884
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2608 -ip 2608
    1⤵
      PID:720
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2608 -ip 2608
      1⤵
        PID:3240
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2608 -ip 2608
        1⤵
          PID:1476
        • C:\Users\Admin\AppData\Local\Temp\28F5.exe
          C:\Users\Admin\AppData\Local\Temp\28F5.exe
          1⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          PID:1500
        • C:\ProgramData\fqptswm\dedxkh.exe
          C:\ProgramData\fqptswm\dedxkh.exe start
          1⤵
          • Executes dropped EXE
          PID:2264
        • C:\Users\Admin\AppData\Local\Temp\9C51.exe
          C:\Users\Admin\AppData\Local\Temp\9C51.exe
          1⤵
          • Executes dropped EXE
          PID:3084
        • C:\Users\Admin\AppData\Local\Temp\A57A.exe
          C:\Users\Admin\AppData\Local\Temp\A57A.exe
          1⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          PID:2584
        • C:\ProgramData\fnsx\ickjbog.exe
          C:\ProgramData\fnsx\ickjbog.exe start
          1⤵
          • Executes dropped EXE
          PID:1460

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\fnsx\ickjbog.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\ProgramData\fnsx\ickjbog.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\ProgramData\fqptswm\dedxkh.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\ProgramData\fqptswm\dedxkh.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\0d502779-c529-4ae0-a0cb-e70926e21349.tmp
          Filesize

          22KB

          MD5

          99e972f6d63ded5a9f3d6a06ff481bec

          SHA1

          b3c98ed6975c649454bce3d88806ad1883e22327

          SHA256

          d6f11c606729d553e9c9b3d0db9e5d51567ea969bedd98008cce7b9415a17490

          SHA512

          ecc322a906b25ea835fdfcb528fb0bc11ade80112b9d0783f0c02100a83368b718c45ca5bdbe38c106e3559db7723dc2fdf38e2bf473fb461ddade999d02f416

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\28F5.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\28F5.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\514c4da3-c1a5-46c5-8d2b-306ae49d7593.tmp
          Filesize

          25KB

          MD5

          9f670566b87be47f09e3871cd67ed6d9

          SHA1

          8b49dd7fb4bf06df0a16cfc03a42832b78bdfabd

          SHA256

          d7089602fa181dfd161165dc1bb34271e7481f88ee2ca06230da2a2269a68c80

          SHA512

          6e53a2d3c4329114f7e562d84bcb6345176ce4d7006c9d699d6dab9886d5aa277b5b8fe5cfb9e574a49e0c1de6414efa913cf9b3ffecd95e9fafa28370fc2456

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\684259a6-0175-4108-a860-699cb31f63c2.tmp
          Filesize

          23KB

          MD5

          7cd73270bd735f9fe77bc9278f9f2b8b

          SHA1

          b27a898970297c750fb7e4d70ad8f87c1e6c1739

          SHA256

          ee80340a02c0f96a3f9d01e635857d38d7b92444d6102ee29804f559f2eaa7f4

          SHA512

          1fe70455d4d8c0fbab9ef20cf85d0de55fea9f18499c653af5d234462aa5c45eaacceadab39e9be62dc548af4f710362dd34970e1d8a666bf09fe4101bf32077

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\9C51.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\9C51.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\A57A.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\A57A.exe
          Filesize

          209KB

          MD5

          cb5376549056d659a798cb9dd7464ffc

          SHA1

          12e8955e0e155c2e57d78955ad0924917b37ccba

          SHA256

          ab4707313627a925d7a67ee8acb04981d558f1ce2a110dea9ba8f02d15f8bc0a

          SHA512

          12130446a1f3a6edd8c68c26a83f0dcb5414aa629ed9f14ccdd99ace33202a79d958484aac12abe70d5810895e31365fbd7ce829d34c8a48e22ebd037a955be7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log
          Filesize

          1KB

          MD5

          07bd5d79e18651bb0758a150cca252da

          SHA1

          bafab651d3a8c900041b7460c4b3d0db6a362e52

          SHA256

          57c21ab757836c1979c5ea959cf760f7d2f88771ba6edfee4848f9f9bff6868a

          SHA512

          ba627fbde74d1b18fc4644df86c6a4832910464c110a8fa29fa24818b630040799113ea73dd8af24644f5de19ec49dc97bbda557e1cbce6278974f0ef4c461b8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\EDDF.exe
          Filesize

          4.8MB

          MD5

          a21893776d4acf7921ca29637a232db1

          SHA1

          a5d85fbb4781f7b8944eb20e60c62c55ed90cc14

          SHA256

          134914aa5bdf7d226c01ebd6ef1be24ccf4d6bb203dad2a5a247901ee8d90f79

          SHA512

          e598c3f789cda36d87d2e2d157eece5ae54c60564b4087f21a9bea47c22258c718141ad4f47d25b08680130d6b21bc08e9ae668378c862eade4cb5a4b959653c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\EDDF.exe
          Filesize

          4.8MB

          MD5

          a21893776d4acf7921ca29637a232db1

          SHA1

          a5d85fbb4781f7b8944eb20e60c62c55ed90cc14

          SHA256

          134914aa5bdf7d226c01ebd6ef1be24ccf4d6bb203dad2a5a247901ee8d90f79

          SHA512

          e598c3f789cda36d87d2e2d157eece5ae54c60564b4087f21a9bea47c22258c718141ad4f47d25b08680130d6b21bc08e9ae668378c862eade4cb5a4b959653c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\GBQHURCC-20220812-1921.log
          Filesize

          60KB

          MD5

          1cf46c46969b3da7c921f538e1052d75

          SHA1

          55b4f1bf8834de7fcec5b964d4e207ab787d453a

          SHA256

          8c1d6e5d024f1fa3f60323e3d7b2d76c4090f73aab9aca557b74edf58cb68a19

          SHA512

          78de5976109b5351e68c28069cd543e667a6361ca9fe7e5b141b1979f94ec46e26389d2e1e871cd8259890ade477f90f29ca4a091968333bd8a4fbd8d820b2fc

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Rpiidpytrto.tmp
          Filesize

          3.5MB

          MD5

          c597ca48af580cb2755914474a787ddf

          SHA1

          427cdbd19eadb94f1f89b51a7c3647a3ff7d3925

          SHA256

          8c67a70fe070595fda6ec977af7da0085d40df299f04cdd5669156752fee3f31

          SHA512

          c41ab851b712c484184934b2dab7015d329ec485b454b645411f69a97ef4a46351fe892f86522abf19c08cf1b7b6a5212954053b8218046cdfab24ef734e47ab

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\aria-debug-4640.log
          Filesize

          470B

          MD5

          557f0a02b3501eb4e60e5fba315b99ee

          SHA1

          4f259e938512bda39d0701ee46d06823fa654e15

          SHA256

          13adbffe25952b222854ce31a71f71f5ffd885f91abcf912d3a9129be553a381

          SHA512

          def43befeed26be88a4997a649192cffabe428b58f99d0d833b74c40ab1e409bd2c42633d6f7acb83b8939413becb1e4f8d01291d4a9333c383c48a407f9e90f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
          Filesize

          1KB

          MD5

          f42f2a2ee390bc203d1984162fd57a8f

          SHA1

          4cfad4d5561b33d6afcaf06a374ba8cc5b7da289

          SHA256

          90d944e4a4aa77a6d376114db46b8b3b47fb7e46e7769d34c978c93ec27b0cd1

          SHA512

          387f2b06a71bd2680b851c69812e9b3af4a41f15d0731d316b258f5453bfb24579dbee389573fbed9d1b775072daec16255ad541e8956608b2e7574de45d27f9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI4F1D.txt
          Filesize

          427KB

          MD5

          7cb368867b63387e87ac8c43fda56652

          SHA1

          8337144cc4b0ac41f1c46fb822686d6c042988b4

          SHA256

          e1c789a635b5037c07d3653d00e1bd4fc421a8142a9def49cd35e17bc3ba3472

          SHA512

          2ed4333d01fe1b377c4131c7175d3547f677aa63f515b829d271d628ddde7c6172a50b9cf4032b2549f83f5e71e7434ab55c80a2fedd2df467c8a1778c1c5023

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\jawshtml.html
          Filesize

          13B

          MD5

          b2a4bc176e9f29b0c439ef9a53a62a1a

          SHA1

          1ae520cbbf7e14af867232784194366b3d1c3f34

          SHA256

          7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

          SHA512

          e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wctC61E.tmp
          Filesize

          62KB

          MD5

          7185e716980842db27c3b3a88e1fe804

          SHA1

          e4615379cd4797629b4cc3da157f4d4a5412fb2b

          SHA256

          094754a618b102b7ad0800dd4c9c02c882cf2d1e7996ba864f422fa4312427e1

          SHA512

          dea331907f5f1de407ca07e24be7ad808fa43a0eef2d1b5009721f937ab2a8f77832e332d5ac3d9662e5b02ecaabbec0f4228af279fa6562be4dccb6c829246c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
          Filesize

          697B

          MD5

          bdcd60d0f8f1a5c5541b99599702de47

          SHA1

          e18d6ad9df2a91c55f90c725fb0a5885cef369bc

          SHA256

          c4975a51f52c7e43048be7ca33fca70869ad84845a489967ab7c93d4be28cf3c

          SHA512

          c98abf7754f78d171e18e5ca3ba8fb25f4793b02bc1f3f43ecf626c1c4f80f28f9ebec95b2ff4548235db7dbe4f15338623b3259ca73feade3bca6ff76bf3e76

          Download Submit

        • memory/1460-202-0x0000000000650000-0x0000000000750000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1460-203-0x0000000000400000-0x0000000000590000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-204-0x0000000000650000-0x0000000000750000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1500-182-0x0000000000400000-0x0000000000590000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1500-181-0x0000000002180000-0x0000000002189000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1500-180-0x000000000061D000-0x000000000062D000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1500-190-0x000000000061D000-0x000000000062D000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2140-132-0x000000000072D000-0x000000000073E000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2140-135-0x0000000000400000-0x0000000000591000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2140-134-0x0000000000400000-0x0000000000591000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2140-133-0x0000000000610000-0x0000000000619000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2264-186-0x0000000000400000-0x0000000000590000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2264-185-0x00000000007D8000-0x00000000007E8000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2584-197-0x000000000072D000-0x000000000073D000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2584-198-0x0000000000400000-0x0000000000590000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2608-143-0x0000000003920000-0x0000000004489000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/2608-149-0x0000000004490000-0x00000000045D0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2608-175-0x0000000000400000-0x0000000000A61000-memory.dmp

          Filesize

          6.4MB

          Download

        • memory/2608-139-0x0000000002913000-0x0000000002DBD000-memory.dmp

          Filesize

          4.7MB

          Download

        • memory/2608-152-0x0000000004490000-0x00000000045D0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2608-179-0x0000000003920000-0x0000000004489000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/2608-147-0x0000000004490000-0x00000000045D0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2608-140-0x0000000002DC0000-0x0000000003415000-memory.dmp

          Filesize

          6.3MB

          Download

        • memory/2608-151-0x0000000004490000-0x00000000045D0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2608-150-0x0000000004490000-0x00000000045D0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2608-148-0x0000000004490000-0x00000000045D0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2608-141-0x0000000000400000-0x0000000000A61000-memory.dmp

          Filesize

          6.4MB

          Download

        • memory/2608-142-0x0000000000400000-0x0000000000A61000-memory.dmp

          Filesize

          6.4MB

          Download

        • memory/2608-144-0x0000000003920000-0x0000000004489000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/2608-146-0x0000000004490000-0x00000000045D0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2608-153-0x0000000004490000-0x00000000045D0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2608-145-0x0000000003920000-0x0000000004489000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/3084-192-0x0000000000400000-0x0000000000590000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3084-191-0x00000000007ED000-0x00000000007FD000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3084-196-0x00000000007ED000-0x00000000007FD000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4944-155-0x0000000003100000-0x0000000003C69000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/4944-173-0x0000000003100000-0x0000000003C69000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/4944-174-0x0000000003100000-0x0000000003C69000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/4944-156-0x0000000003D80000-0x0000000003EC0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4944-170-0x0000000000C00000-0x000000000164A000-memory.dmp

          Filesize

          10.3MB

          Download

        • memory/4944-171-0x0000000003D80000-0x0000000003EC0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4944-172-0x0000000003D80000-0x0000000003EC0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4944-157-0x0000000003D80000-0x0000000003EC0000-memory.dmp

          Filesize

          1.2MB

          Download