Overview

overview

10

Static

static

3

34a1f653a9...8e.exe

windows7-x64

10

34a1f653a9...8e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-08-2023 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34a1f653a9a60f63d1efc783af8e451ee8166b4e764755dc4c73fa338c13e38e.exe

  • Size

    15.6MB

  • MD5

    5b2079058dda0a74e90c72286618de48

  • SHA1

    1759b16ace6c5ca3c53579c6e0f2da27499b140d

  • SHA256

    34a1f653a9a60f63d1efc783af8e451ee8166b4e764755dc4c73fa338c13e38e

  • SHA512

    a436be16300346948b2cec200bd6ebe1f5e46b564df94aa3f5529e481ccd943a5e55d47fdd3622cb56abaceb2e5b8af17e69b1e3db0f9fe933daf0251e6245d1

  • SSDEEP

    393216:qQFQlsK1xAvVFSXSYusfo8NcIfsr8QLCJ66:bFQlRKNlYun8UrFL666

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34a1f653a9a60f63d1efc783af8e451ee8166b4e764755dc4c73fa338c13e38e.exe
    "C:\Users\Admin\AppData\Local\Temp\34a1f653a9a60f63d1efc783af8e451ee8166b4e764755dc4c73fa338c13e38e.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c wmic path Win32_ComputerSystemProduct get uuid /value
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5092
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic path Win32_ComputerSystemProduct get uuid /value
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1264
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c wmic path Win32_ComputerSystemProduct get uuid /value
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4444
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic path Win32_ComputerSystemProduct get uuid /value
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2948
    • C:\Users\Admin\AppData\Local\Temp\34a1f653a9a60f63d1efc783af8e451ee8166b4e764755dc4c73fa338c13e38e.exe
      "C:\Users\Admin\AppData\Local\Temp\34a1f653a9a60f63d1efc783af8e451ee8166b4e764755dc4c73fa338c13e38e.exe" 2AB41233FEE5FEB1A332F95C94109BA6F16BDD23BD49E30C10F2DE2DE8EF1A0D827A807157D70B6C38C3024D23ABFA86B6F3EBDA80F1D919732EE5BD4234BFFF7E64CE75A05F959E675C0DB9381C13C95D9C223D5406EB94944D81F56C4043D5EA2DA158EC8669B2C95F5053368FC25B4F2349ECEB9104F8AC80087E6738
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4244
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /c wmic path Win32_ComputerSystemProduct get uuid /value
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4720
        • C:\Windows\SysWOW64\Wbem\WMIC.exe
          wmic path Win32_ComputerSystemProduct get uuid /value
          4⤵
            PID:4508
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe /c wmic path Win32_ComputerSystemProduct get uuid /value
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4692
          • C:\Windows\SysWOW64\Wbem\WMIC.exe
            wmic path Win32_ComputerSystemProduct get uuid /value
            4⤵
              PID:3276
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /c wmic path Win32_ComputerSystemProduct get uuid /value
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:2788
            • C:\Windows\SysWOW64\Wbem\WMIC.exe
              wmic path Win32_ComputerSystemProduct get uuid /value
              4⤵
                PID:3628
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fqnb.lanzouj.com/b0112rmmb
              3⤵
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:1968
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa328d46f8,0x7ffa328d4708,0x7ffa328d4718
                4⤵
                  PID:4936
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
                  4⤵
                    PID:3352
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
                    4⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3992
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
                    4⤵
                      PID:2948
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
                      4⤵
                        PID:380
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
                        4⤵
                          PID:2156
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                          4⤵
                            PID:1548
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
                            4⤵
                              PID:4668
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                              4⤵
                                PID:1412
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                                4⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1732
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                                4⤵
                                  PID:4832
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13278900753916556682,11909860153568882533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
                                  4⤵
                                    PID:4620
                                • C:\Windows\SysWOW64\WerFault.exe
                                  C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 2556
                                  3⤵
                                  • Program crash
                                  PID:4140
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4244 -ip 4244
                              1⤵
                                PID:1732
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1944
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4688

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    3423d7e71b832850019e032730997f69

                                    SHA1

                                    bbc91ba3960fb8f7f2d5a190e6585010675d9061

                                    SHA256

                                    53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

                                    SHA512

                                    03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    96B

                                    MD5

                                    05353c52e05b14e4c59f50d5b9130f48

                                    SHA1

                                    c3267c53879c825969fc09ab652b3681cd67eeee

                                    SHA256

                                    5fc8652650c7bcee7386cf2633f2cd4544d4232f39d2a6bfae820731f60b70d6

                                    SHA512

                                    ad461876b0f62d3faa5757d8dd2bb5a77d8bd79e643921b5da3ceade1c1f8cf1b2addb2bbf1f48b99f9cc9ad0c0391334421f005b461061eac5f5ebf2ba4fdad

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    111B

                                    MD5

                                    807419ca9a4734feaf8d8563a003b048

                                    SHA1

                                    a723c7d60a65886ffa068711f1e900ccc85922a6

                                    SHA256

                                    aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                    SHA512

                                    f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    d6ad4332c4be11f7bdf52adef13f4bb3

                                    SHA1

                                    78878e4f1ffdccec184fd105658b7835e6350d10

                                    SHA256

                                    e24cfd9be1090b0ccdc67c14ed2031f9864dd16277a3bdd352c681ba6ebe188d

                                    SHA512

                                    fd6e132a95d81890411bbc0fc507d5e745c2d0a3dc09c8987f598c50ab66f545c4cfaa9ee442607ebeefcd8fb92fede1689ef986c68a086b688cb8aefd960b68

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    5e9ad6aaf6c48314a1098d45c04cf407

                                    SHA1

                                    5d8fb369586704746a70dc48cebbfc58032d9607

                                    SHA256

                                    4f6389ac77293c8ab9971e81445fe4460ed6b067f498006a90bd115b1f42d958

                                    SHA512

                                    0bc83e95d50b9023ee04a6472ffb3eb49bd1468ef24a960f4f6f9123bdff9b52564fe18bdeb5d426b69242a123298d8d8b029e6a1c1dee47c65a7c3cdfa56707

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    24KB

                                    MD5

                                    0e78f9a3ece93ae9434c64ea2bff51dc

                                    SHA1

                                    a0e4c75fe32417fe2df705987df5817326e1b3b9

                                    SHA256

                                    5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

                                    SHA512

                                    9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    12KB

                                    MD5

                                    7eb979c5066bfbaa9943b6d15d5bb321

                                    SHA1

                                    763a0a361fd1aa85a2a1669bed121e4196a443b8

                                    SHA256

                                    fc6b1bb032e9adabf1a1ecb289c5054d05f0e5984c90d138bda0849d64f6ef96

                                    SHA512

                                    25ae38a315f0b8851fdbd60eda8733e7506f3ed3ac36bfc1ceb9a0c8a82943c7c8396c64ba8b1e99724f549c68b7e22e3184614c1f0c75cc8c6617d5c8c67514

                                    Download Submit

                                  • memory/1932-136-0x0000000003940000-0x0000000004289000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/1932-135-0x0000000000400000-0x0000000001A81000-memory.dmp

                                    Filesize

                                    22.5MB

                                    Download

                                  • memory/1932-134-0x0000000003940000-0x0000000004289000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/1932-133-0x0000000000400000-0x0000000001A81000-memory.dmp

                                    Filesize

                                    22.5MB

                                    Download

                                  • memory/4244-165-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-183-0x0000000004AC0000-0x0000000004AF8000-memory.dmp

                                    Filesize

                                    224KB

                                    Download

                                  • memory/4244-144-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-146-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-147-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-148-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-149-0x0000000076550000-0x0000000076640000-memory.dmp

                                    Filesize

                                    960KB

                                    Download

                                  • memory/4244-150-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-151-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-152-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-154-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-156-0x0000000004AC0000-0x0000000004AF8000-memory.dmp

                                    Filesize

                                    224KB

                                    Download

                                  • memory/4244-157-0x0000000004B10000-0x0000000004B48000-memory.dmp

                                    Filesize

                                    224KB

                                    Download

                                  • memory/4244-158-0x0000000004B10000-0x0000000004B48000-memory.dmp

                                    Filesize

                                    224KB

                                    Download

                                  • memory/4244-155-0x0000000004A70000-0x0000000004A91000-memory.dmp

                                    Filesize

                                    132KB

                                    Download

                                  • memory/4244-153-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-160-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-161-0x0000000076550000-0x0000000076640000-memory.dmp

                                    Filesize

                                    960KB

                                    Download

                                  • memory/4244-162-0x0000000004A70000-0x0000000004A91000-memory.dmp

                                    Filesize

                                    132KB

                                    Download

                                  • memory/4244-164-0x0000000004B10000-0x0000000004B48000-memory.dmp

                                    Filesize

                                    224KB

                                    Download

                                  • memory/4244-159-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-142-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-167-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-168-0x0000000004AC0000-0x0000000004AF8000-memory.dmp

                                    Filesize

                                    224KB

                                    Download

                                  • memory/4244-172-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-173-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-174-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-181-0x0000000001E00000-0x0000000001F00000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4244-182-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-143-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-186-0x0000000005E00000-0x0000000005E20000-memory.dmp

                                    Filesize

                                    128KB

                                    Download

                                  • memory/4244-187-0x0000000004960000-0x0000000004A3B000-memory.dmp

                                    Filesize

                                    876KB

                                    Download

                                  • memory/4244-188-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-189-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-191-0x0000000076550000-0x0000000076640000-memory.dmp

                                    Filesize

                                    960KB

                                    Download

                                  • memory/4244-190-0x0000000004840000-0x0000000004841000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4244-192-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-193-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-194-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-195-0x0000000004830000-0x0000000004831000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4244-196-0x0000000076550000-0x0000000076640000-memory.dmp

                                    Filesize

                                    960KB

                                    Download

                                  • memory/4244-197-0x0000000004A70000-0x0000000004A91000-memory.dmp

                                    Filesize

                                    132KB

                                    Download

                                  • memory/4244-200-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-198-0x00000000063C0000-0x00000000064E8000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/4244-199-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-201-0x0000000004AC0000-0x0000000004AF8000-memory.dmp

                                    Filesize

                                    224KB

                                    Download

                                  • memory/4244-204-0x00000000063C0000-0x00000000064E8000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/4244-203-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-207-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-206-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-141-0x0000000004960000-0x0000000004A3B000-memory.dmp

                                    Filesize

                                    876KB

                                    Download

                                  • memory/4244-139-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-138-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-137-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-202-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-210-0x0000000001E00000-0x0000000001F00000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4244-219-0x00000000037F0000-0x0000000004139000-memory.dmp

                                    Filesize

                                    9.3MB

                                    Download

                                  • memory/4244-226-0x0000000076550000-0x0000000076640000-memory.dmp

                                    Filesize

                                    960KB

                                    Download