Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/10/2023, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1.exe

  • Size

    355KB

  • MD5

    bc314ded7cad370c7cb70d2399afac67

  • SHA1

    50e73ddc8079f1bebbb7fb3ac44af7cf84e64fd0

  • SHA256

    9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1

  • SHA512

    d66ef15347ffbce0bd4d4ca43e61d7bd2c79cdc297eae4379f71143705c5f98f9a569f370bc32f715c493bd201718d3b677203e7fb62354451e154315251ba69

  • SSDEEP

    6144:4bW+5I3l405JVaYUwJhKFoPGmaKuq6krXDzv09t:zUIVfVUEhlPGk/PrXvY

Score
10/10
smokeloader0024backdoorcollectionevasiontrojan

Malware Config

Extracted

Family

smokeloader

Botnet

0024

Extracted

Family

smokeloader

Version

2022

C2

https://utah-saints.com/search.php

https://atlanta-newspaper.com/search.php
rc4.i32
rc4.i32

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Gathers network information 2 TTPs 4 IoCs

    Uses commandline utility to view network configuration.

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 21 IoCs
    adwarespyware
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1.exe
    "C:\Users\Admin\AppData\Local\Temp\9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\Admin\AppData\Local\Temp\3233802063.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1412
      • C:\Users\Admin\AppData\Local\Temp\3233802063.exe
        "C:\Users\Admin\AppData\Local\Temp\3233802063.exe"
        3⤵
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:4084
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c taskkill /im "9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1.exe" & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3948
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /im "9e697e73ca8efcc8b76313624967e496bd12c462b2fde7c87e34bad408bf38d1.exe" /f
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4600
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 2008
      2⤵
      • Program crash
      PID:2124
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4768 -ip 4768
    1⤵
      PID:3840
    • C:\Windows\system32\cmd.exe
      cmd
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic /namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /format:csv
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1960
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic /namespace:\\root\SecurityCenter2 Path FirewallProduct Get displayName /format:csv
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1556
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic /namespace:\\root\SecurityCenter2 Path AntiSpywareProduct Get displayName /format:csv
        2⤵
          PID:1512
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic /namespace:\\root\cimv2 Path Win32_Processor Get Name,DeviceID,NumberOfCores /format:csv
          2⤵
            PID:5012
          • C:\Windows\System32\Wbem\WMIC.exe
            wmic /namespace:\\root\cimv2 Path Win32_Product Get Name,Version /format:csv
            2⤵
              PID:2640
            • C:\Windows\System32\Wbem\WMIC.exe
              wmic /namespace:\\root\cimv2 Path Win32_NetworkAdapter Where PhysicalAdapter=TRUE Get Name,MACAddress,ProductName,ServiceName,NetConnectionID /format:csv
              2⤵
                PID:464
              • C:\Windows\System32\Wbem\WMIC.exe
                wmic /namespace:\\root\cimv2 Path Win32_StartupCommand Get Name,Location,Command /format:csv
                2⤵
                  PID:3676
                • C:\Windows\System32\Wbem\WMIC.exe
                  wmic /namespace:\\root\cimv2 Path Win32_OperatingSystem Get Caption,CSDVersion,BuildNumber,Version,BuildType,CountryCode,CurrentTimeZone,InstallDate,LastBootUpTime,Locale,OSArchitecture,OSLanguage,OSProductSuite,OSType,SystemDirectory,Organization,RegisteredUser,SerialNumber /format:csv
                  2⤵
                    PID:3872
                  • C:\Windows\System32\Wbem\WMIC.exe
                    wmic /namespace:\\root\cimv2 Path Win32_Process Get Caption,CommandLine,ExecutablePath,ProcessId /format:csv
                    2⤵
                      PID:1520
                    • C:\Windows\System32\Wbem\WMIC.exe
                      wmic /namespace:\\root\cimv2 Path Win32_Volume Get Name,Label,FileSystem,SerialNumber,BootVolume,Capacity,DriveType /format:csv
                      2⤵
                        PID:2972
                      • C:\Windows\System32\Wbem\WMIC.exe
                        wmic /namespace:\\root\cimv2 Path Win32_UserAccount Get Name,Domain,AccountType,LocalAccount,Disabled,Status,SID /format:csv
                        2⤵
                          PID:3784
                        • C:\Windows\System32\Wbem\WMIC.exe
                          wmic /namespace:\\root\cimv2 Path Win32_GroupUser Get GroupComponent,PartComponent /format:csv
                          2⤵
                            PID:4884
                          • C:\Windows\System32\Wbem\WMIC.exe
                            wmic /namespace:\\root\cimv2 Path Win32_ComputerSystem Get Caption,Manufacturer,PrimaryOwnerName,UserName,Workgroup /format:csv
                            2⤵
                              PID:4604
                            • C:\Windows\System32\Wbem\WMIC.exe
                              wmic /namespace:\\root\cimv2 Path Win32_PnPEntity Where ClassGuid="{50dd5230-ba8a-11d1-bf5d-0000f805f530}" Get Name,DeviceID,PNPDeviceID,Manufacturer,Description /format:csv
                              2⤵
                                PID:3496
                              • C:\Windows\system32\ipconfig.exe
                                ipconfig /displaydns
                                2⤵
                                • Gathers network information
                                PID:2848
                              • C:\Windows\system32\ROUTE.EXE
                                route print
                                2⤵
                                  PID:4300
                                • C:\Windows\system32\netsh.exe
                                  netsh firewall show state
                                  2⤵
                                  • Modifies Windows Firewall
                                  PID:4440
                                • C:\Windows\system32\systeminfo.exe
                                  systeminfo
                                  2⤵
                                  • Gathers system information
                                  PID:2840
                                • C:\Windows\system32\tasklist.exe
                                  tasklist /v
                                  2⤵
                                  • Enumerates processes with tasklist
                                  PID:2788
                                • C:\Windows\system32\net.exe
                                  net accounts /domain
                                  2⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:4528
                                  • C:\Windows\system32\net1.exe
                                    C:\Windows\system32\net1 accounts /domain
                                    3⤵
                                      PID:4264
                                  • C:\Windows\system32\net.exe
                                    net share
                                    2⤵
                                    • Suspicious use of WriteProcessMemory
                                    PID:1320
                                    • C:\Windows\system32\net1.exe
                                      C:\Windows\system32\net1 share
                                      3⤵
                                        PID:3828
                                    • C:\Windows\system32\net.exe
                                      net user
                                      2⤵
                                      • Suspicious use of WriteProcessMemory
                                      PID:1480
                                      • C:\Windows\system32\net1.exe
                                        C:\Windows\system32\net1 user
                                        3⤵
                                          PID:2252
                                      • C:\Windows\system32\net.exe
                                        net user /domain
                                        2⤵
                                          PID:1760
                                          • C:\Windows\system32\net1.exe
                                            C:\Windows\system32\net1 user /domain
                                            3⤵
                                              PID:3152
                                          • C:\Windows\system32\net.exe
                                            net use
                                            2⤵
                                              PID:3500
                                            • C:\Windows\system32\net.exe
                                              net group
                                              2⤵
                                                PID:2120
                                                • C:\Windows\system32\net1.exe
                                                  C:\Windows\system32\net1 group
                                                  3⤵
                                                    PID:3692
                                                • C:\Windows\system32\net.exe
                                                  net localgroup
                                                  2⤵
                                                    PID:1212
                                                    • C:\Windows\system32\net1.exe
                                                      C:\Windows\system32\net1 localgroup
                                                      3⤵
                                                        PID:3760
                                                    • C:\Windows\system32\NETSTAT.EXE
                                                      netstat -r
                                                      2⤵
                                                      • Gathers network information
                                                      PID:2244
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
                                                        3⤵
                                                          PID:3556
                                                          • C:\Windows\system32\ROUTE.EXE
                                                            C:\Windows\system32\route.exe print
                                                            4⤵
                                                              PID:1728
                                                        • C:\Windows\system32\NETSTAT.EXE
                                                          netstat -nao
                                                          2⤵
                                                          • Gathers network information
                                                          PID:1172
                                                        • C:\Windows\system32\schtasks.exe
                                                          schtasks /query
                                                          2⤵
                                                            PID:2272
                                                          • C:\Windows\system32\ipconfig.exe
                                                            ipconfig /all
                                                            2⤵
                                                            • Gathers network information
                                                            PID:4088
                                                        • C:\Windows\system32\msiexec.exe
                                                          C:\Windows\system32\msiexec.exe /V
                                                          1⤵
                                                            PID:1652
                                                          • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                            "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
                                                            1⤵
                                                              PID:488
                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                              "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
                                                              1⤵
                                                              • Modifies Internet Explorer settings
                                                              • Suspicious use of FindShellTrayWindow
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:1356
                                                              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1356 CREDAT:17410 /prefetch:2
                                                                2⤵
                                                                • Modifies Internet Explorer settings
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:180
                                                            • C:\Windows\SysWOW64\explorer.exe
                                                              C:\Windows\SysWOW64\explorer.exe
                                                              1⤵
                                                              • Accesses Microsoft Outlook profiles
                                                              • outlook_office_path
                                                              • outlook_win_path
                                                              PID:4296
                                                            • C:\Windows\explorer.exe
                                                              C:\Windows\explorer.exe
                                                              1⤵
                                                                PID:3856
                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                C:\Windows\SysWOW64\explorer.exe
                                                                1⤵
                                                                • Suspicious behavior: MapViewOfSection
                                                                PID:3260
                                                              • C:\Windows\explorer.exe
                                                                C:\Windows\explorer.exe
                                                                1⤵
                                                                • Suspicious behavior: MapViewOfSection
                                                                PID:4636
                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                C:\Windows\SysWOW64\explorer.exe
                                                                1⤵
                                                                • Suspicious behavior: MapViewOfSection
                                                                PID:1512
                                                              • C:\Windows\explorer.exe
                                                                C:\Windows\explorer.exe
                                                                1⤵
                                                                • Suspicious behavior: MapViewOfSection
                                                                PID:4744
                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                C:\Windows\SysWOW64\explorer.exe
                                                                1⤵
                                                                  PID:4912
                                                                • C:\Windows\explorer.exe
                                                                  C:\Windows\explorer.exe
                                                                  1⤵
                                                                    PID:3180

                                                                  Network

                                                                  MITRE ATT&CK Enterprise v15

                                                                  Replay Monitor

                                                                  Loading Replay Monitor...

                                                                  Downloads

                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
                                                                    Filesize

                                                                    717B

                                                                    MD5

                                                                    60fe01df86be2e5331b0cdbe86165686

                                                                    SHA1

                                                                    2a79f9713c3f192862ff80508062e64e8e0b29bd

                                                                    SHA256

                                                                    c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

                                                                    SHA512

                                                                    ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
                                                                    Filesize

                                                                    192B

                                                                    MD5

                                                                    d7df006816948f5d281ddb82f3009582

                                                                    SHA1

                                                                    640938d90921bfb4757bdfa6a64a45da6f7d8f5c

                                                                    SHA256

                                                                    4a8560e5550db7d28062191a8dc2791d697c7e6effff62f2ea0edadc47774a31

                                                                    SHA512

                                                                    4914fdd82b37788fb9925648673978dc53bc3219a6d169b398b59ac37526dfa7ff857753bfbb4bddcd87cf74267904d32182294d625f10355545def1e7fa7ffd

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Temp\3233802063.exe
                                                                    Filesize

                                                                    284KB

                                                                    MD5

                                                                    ae98f5bd3ce960515dc6912fb0a5499d

                                                                    SHA1

                                                                    f4318b8873f360dadf0d7ba9d0595a7d565ab574

                                                                    SHA256

                                                                    5cc78b4a51a0c20c8a9fd32a9e62e72de16f6b356d583a3518a085688abfa810

                                                                    SHA512

                                                                    9f538bc26025b9b764a687986b5c61938717ee5a355ef7bb1070ac78f88ae7800d8bbbee11051ad9befb75a89f88d0b79b3d18a2666fe5116e89e6274ebace49

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Temp\3233802063.exe
                                                                    Filesize

                                                                    284KB

                                                                    MD5

                                                                    ae98f5bd3ce960515dc6912fb0a5499d

                                                                    SHA1

                                                                    f4318b8873f360dadf0d7ba9d0595a7d565ab574

                                                                    SHA256

                                                                    5cc78b4a51a0c20c8a9fd32a9e62e72de16f6b356d583a3518a085688abfa810

                                                                    SHA512

                                                                    9f538bc26025b9b764a687986b5c61938717ee5a355ef7bb1070ac78f88ae7800d8bbbee11051ad9befb75a89f88d0b79b3d18a2666fe5116e89e6274ebace49

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Roaming\iadjvee
                                                                    Filesize

                                                                    284KB

                                                                    MD5

                                                                    ae98f5bd3ce960515dc6912fb0a5499d

                                                                    SHA1

                                                                    f4318b8873f360dadf0d7ba9d0595a7d565ab574

                                                                    SHA256

                                                                    5cc78b4a51a0c20c8a9fd32a9e62e72de16f6b356d583a3518a085688abfa810

                                                                    SHA512

                                                                    9f538bc26025b9b764a687986b5c61938717ee5a355ef7bb1070ac78f88ae7800d8bbbee11051ad9befb75a89f88d0b79b3d18a2666fe5116e89e6274ebace49

                                                                    Download Submit

                                                                  • memory/1512-160-0x0000000000C10000-0x0000000000C19000-memory.dmp

                                                                    Filesize

                                                                    36KB

                                                                    Download

                                                                  • memory/1512-159-0x0000000000C20000-0x0000000000C25000-memory.dmp

                                                                    Filesize

                                                                    20KB

                                                                    Download

                                                                  • memory/1512-158-0x0000000000C10000-0x0000000000C19000-memory.dmp

                                                                    Filesize

                                                                    36KB

                                                                    Download

                                                                  • memory/3136-48-0x0000000001300000-0x0000000001310000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-98-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-31-0x00000000012C0000-0x00000000012D6000-memory.dmp

                                                                    Filesize

                                                                    88KB

                                                                    Download

                                                                  • memory/3136-117-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-36-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-35-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-38-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-37-0x0000000003220000-0x0000000003230000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-39-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-40-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-41-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-44-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-42-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-46-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-47-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-115-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-49-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-52-0x0000000001300000-0x0000000001310000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-51-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-50-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-55-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-53-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-57-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-59-0x0000000003220000-0x0000000003230000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-58-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-60-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-85-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-64-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-66-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-65-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-63-0x0000000001300000-0x0000000001310000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-69-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-68-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-61-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-70-0x0000000001300000-0x0000000001310000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-71-0x0000000001300000-0x0000000001310000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-72-0x0000000001300000-0x0000000001310000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-116-0x0000000002D00000-0x0000000002D10000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-79-0x0000000003230000-0x0000000003240000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-113-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-109-0x0000000002D00000-0x0000000002D10000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-82-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-83-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-84-0x0000000002CF0000-0x0000000002D00000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-62-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-110-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-94-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-89-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-91-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-93-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-87-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-95-0x0000000002D00000-0x0000000002D10000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-96-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-97-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-86-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-101-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-100-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-102-0x0000000002CF0000-0x0000000002D00000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-104-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-106-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-107-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-108-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3136-111-0x00000000031F0000-0x0000000003200000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/3180-166-0x0000000000F50000-0x0000000000F5D000-memory.dmp

                                                                    Filesize

                                                                    52KB

                                                                    Download

                                                                  • memory/3260-153-0x0000000000470000-0x000000000047B000-memory.dmp

                                                                    Filesize

                                                                    44KB

                                                                    Download

                                                                  • memory/3260-154-0x0000000000480000-0x0000000000487000-memory.dmp

                                                                    Filesize

                                                                    28KB

                                                                    Download

                                                                  • memory/3260-155-0x0000000000470000-0x000000000047B000-memory.dmp

                                                                    Filesize

                                                                    44KB

                                                                    Download

                                                                  • memory/3856-150-0x00000000003C0000-0x00000000003C7000-memory.dmp

                                                                    Filesize

                                                                    28KB

                                                                    Download

                                                                  • memory/3856-151-0x00000000003B0000-0x00000000003BC000-memory.dmp

                                                                    Filesize

                                                                    48KB

                                                                    Download

                                                                  • memory/3856-149-0x00000000003B0000-0x00000000003BC000-memory.dmp

                                                                    Filesize

                                                                    48KB

                                                                    Download

                                                                  • memory/4084-26-0x0000000000400000-0x0000000002284000-memory.dmp

                                                                    Filesize

                                                                    30.5MB

                                                                    Download

                                                                  • memory/4084-32-0x0000000000400000-0x0000000002284000-memory.dmp

                                                                    Filesize

                                                                    30.5MB

                                                                    Download

                                                                  • memory/4084-25-0x00000000023E0000-0x00000000023E9000-memory.dmp

                                                                    Filesize

                                                                    36KB

                                                                    Download

                                                                  • memory/4084-24-0x0000000002530000-0x0000000002630000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/4296-152-0x0000000000A50000-0x0000000000ABB000-memory.dmp

                                                                    Filesize

                                                                    428KB

                                                                    Download

                                                                  • memory/4296-126-0x0000000000A50000-0x0000000000ABB000-memory.dmp

                                                                    Filesize

                                                                    428KB

                                                                    Download

                                                                  • memory/4296-124-0x0000000000AC0000-0x0000000000B35000-memory.dmp

                                                                    Filesize

                                                                    468KB

                                                                    Download

                                                                  • memory/4636-156-0x0000000000C30000-0x0000000000C3F000-memory.dmp

                                                                    Filesize

                                                                    60KB

                                                                    Download

                                                                  • memory/4636-157-0x0000000000C40000-0x0000000000C49000-memory.dmp

                                                                    Filesize

                                                                    36KB

                                                                    Download

                                                                  • memory/4744-162-0x00000000007C0000-0x00000000007CC000-memory.dmp

                                                                    Filesize

                                                                    48KB

                                                                    Download

                                                                  • memory/4744-161-0x00000000007D0000-0x00000000007D6000-memory.dmp

                                                                    Filesize

                                                                    24KB

                                                                    Download

                                                                  • memory/4768-28-0x0000000002540000-0x000000000257E000-memory.dmp

                                                                    Filesize

                                                                    248KB

                                                                    Download

                                                                  • memory/4768-30-0x0000000000400000-0x0000000002295000-memory.dmp

                                                                    Filesize

                                                                    30.6MB

                                                                    Download

                                                                  • memory/4768-17-0x0000000000400000-0x0000000002295000-memory.dmp

                                                                    Filesize

                                                                    30.6MB

                                                                    Download

                                                                  • memory/4768-3-0x0000000000400000-0x0000000002295000-memory.dmp

                                                                    Filesize

                                                                    30.6MB

                                                                    Download

                                                                  • memory/4768-2-0x0000000002540000-0x000000000257E000-memory.dmp

                                                                    Filesize

                                                                    248KB

                                                                    Download

                                                                  • memory/4768-1-0x00000000025A0000-0x00000000026A0000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/4768-27-0x00000000025A0000-0x00000000026A0000-memory.dmp

                                                                    Filesize

                                                                    1024KB

                                                                    Download

                                                                  • memory/4912-163-0x0000000000330000-0x000000000033B000-memory.dmp

                                                                    Filesize

                                                                    44KB

                                                                    Download

                                                                  • memory/4912-164-0x0000000000340000-0x0000000000346000-memory.dmp

                                                                    Filesize

                                                                    24KB

                                                                    Download