Overview

overview

10

Static

static

3

abf01f37f3...JC.exe

windows7-x64

10

abf01f37f3...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2023, 21:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    abf01f37f3233a446f1ba203d2c99e0f_JC.exe

  • Size

    1.2MB

  • MD5

    abf01f37f3233a446f1ba203d2c99e0f

  • SHA1

    3fa185e11ee45123b113f67b2433217067724668

  • SHA256

    b75a80fc32b8abfe0633d0616873e35beb70e59caaf06b54f4563fba2e908a74

  • SHA512

    2e3ced8e98c68a36944b6fb273c0839739b2c9e084ae6ea4c5b8f34d0ee2f179d1003356efb9ad264e71646d4ed5ccf78ccdc980a745752be2a70f0ea06cde71

  • SSDEEP

    24576:IMrbrn/mG9Pwrn/POzMQGEvGEPapJoedR5inu3i6ZTdDiUSgwt9faL+Wdi3oBMcX:IMHrn/X9Pwrn/POzMQGEvGE2linu3i6Z

Score
10/10
salitybackdoorbootkitevasionpersistencetrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Modifies firewall policy service 2 TTPs 3 IoCs
    evasion
  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 64 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops autorun.inf file 1 TTPs 35 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1112
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1236
        • C:\Users\Admin\AppData\Local\Temp\abf01f37f3233a446f1ba203d2c99e0f_JC.exe
          "C:\Users\Admin\AppData\Local\Temp\abf01f37f3233a446f1ba203d2c99e0f_JC.exe"
          2⤵
          • Modifies WinLogon for persistence
          • Modifies firewall policy service
          • UAC bypass
          • Windows security bypass
          • Loads dropped DLL
          • Windows security modification
          • Checks whether UAC is enabled
          • Drops desktop.ini file(s)
          • Enumerates connected drives
          • Writes to the Master Boot Record (MBR)
          • Drops autorun.inf file
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:664
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c C:\Users\Admin\AppData\Local\Temp\CQ.bat
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1216
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /im qq.exe /f
              4⤵
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:2580
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c C:\Users\Admin\AppData\Local\Temp\temp.bat
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1732
            • C:\Windows\SysWOW64\cacls.exe
              cacls "C:\Program Files\Windows Media Player\a" /d everyone /e
              4⤵
                PID:1956
            • C:\Program Files\Windows Media Player\a\b\9\d\b\5\f\a\1\5\6\2\e\c\8\f\5\d\6\3\2\c\b\5\c\b\2\6\9\3\a\4\autorun.inf\svchost.exe¡¡
              "C:\Program Files\Windows Media Player\a\b\9\d\b\5\f\a\1\5\6\2\e\c\8\f\5\d\6\3\2\c\b\5\c\b\2\6\9\3\a\4\autorun.inf\svchost.exe¡¡" pid 664"C:\Users\Admin\AppData\Local\Temp\abf01f37f3233a446f1ba203d2c99e0f_JC.exe"
              3⤵
              • Modifies WinLogon for persistence
              • Modifies visibility of file extensions in Explorer
              • Executes dropped EXE
              • Loads dropped DLL
              • Writes to the Master Boot Record (MBR)
              • Suspicious use of SetWindowsHookEx
              PID:1564
        • C:\Windows\system32\Dwm.exe
          "C:\Windows\system32\Dwm.exe"
          1⤵
            PID:1180
          • C:\Windows\system32\conhost.exe
            \??\C:\Windows\system32\conhost.exe "751195563688236382-806882725960748574-6940158781223745374778674875574495563"
            1⤵
              PID:2952

            Network

                  MITRE ATT&CK Enterprise v15

                  Reconnaissance

                  Resource Development

                  Initial Access

                  Replication Through Removable Media

                  1
                  T1091

                  Execution

                  Persistence

                  Boot or Logon Autostart Execution

                  1
                  T1547

                  Winlogon Helper DLL

                  1
                  T1547.004

                  Create or Modify System Process

                  1
                  T1543

                  Windows Service

                  1
                  T1543.003

                  Pre-OS Boot

                  1
                  T1542

                  Bootkit

                  1
                  T1542.003

                  Privilege Escalation

                  Abuse Elevation Control Mechanism

                  1
                  T1548

                  Bypass User Account Control

                  1
                  T1548.002

                  Boot or Logon Autostart Execution

                  1
                  T1547

                  Winlogon Helper DLL

                  1
                  T1547.004

                  Create or Modify System Process

                  1
                  T1543

                  Windows Service

                  1
                  T1543.003

                  Defense Evasion

                  Abuse Elevation Control Mechanism

                  1
                  T1548

                  Bypass User Account Control

                  1
                  T1548.002

                  Hide Artifacts

                  1
                  T1564

                  Hidden Files and Directories

                  1
                  T1564.001

                  Impair Defenses

                  3
                  T1562

                  Disable or Modify Tools

                  3
                  T1562.001

                  Modify Registry

                  7
                  T1112

                  Pre-OS Boot

                  1
                  T1542

                  Bootkit

                  1
                  T1542.003

                  Credential Access

                  Discovery

                  Peripheral Device Discovery

                  1
                  T1120

                  Query Registry

                  1
                  T1012

                  System Information Discovery

                  3
                  T1082

                  Lateral Movement

                  Replication Through Removable Media

                  1
                  T1091

                  Collection

                  Command and Control

                  Exfiltration

                  Impact

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Program Files\Windows Media Player\a\b\9\d\b\5\f\a\1\5\6\2\e\c\8\f\5\d\6\3\2\c\b\5\c\b\2\6\9\3\a\4\autorun.inf\svchost.exe¡¡
                    Filesize

                    1.2MB

                    MD5

                    abf01f37f3233a446f1ba203d2c99e0f

                    SHA1

                    3fa185e11ee45123b113f67b2433217067724668

                    SHA256

                    b75a80fc32b8abfe0633d0616873e35beb70e59caaf06b54f4563fba2e908a74

                    SHA512

                    2e3ced8e98c68a36944b6fb273c0839739b2c9e084ae6ea4c5b8f34d0ee2f179d1003356efb9ad264e71646d4ed5ccf78ccdc980a745752be2a70f0ea06cde71

                    Download Submit

                  • C:\Program Files\Windows Media Player\a\b\9\d\b\5\f\a\1\5\6\2\e\c\8\f\5\d\6\3\2\c\b\5\c\b\2\6\9\3\a\4\autorun.inf\svchost.exe¡¡
                    Filesize

                    1.2MB

                    MD5

                    abf01f37f3233a446f1ba203d2c99e0f

                    SHA1

                    3fa185e11ee45123b113f67b2433217067724668

                    SHA256

                    b75a80fc32b8abfe0633d0616873e35beb70e59caaf06b54f4563fba2e908a74

                    SHA512

                    2e3ced8e98c68a36944b6fb273c0839739b2c9e084ae6ea4c5b8f34d0ee2f179d1003356efb9ad264e71646d4ed5ccf78ccdc980a745752be2a70f0ea06cde71

                    Download Submit

                  • C:\Program Files\Windows Media Player\a\b\9\d\b\5\f\a\1\5\6\2\e\c\8\f\5\d\6\3\2\c\b\5\c\b\2\6\9\3\a\4\autorun.inf\svchost.exe¡¡
                    Filesize

                    1.2MB

                    MD5

                    abf01f37f3233a446f1ba203d2c99e0f

                    SHA1

                    3fa185e11ee45123b113f67b2433217067724668

                    SHA256

                    b75a80fc32b8abfe0633d0616873e35beb70e59caaf06b54f4563fba2e908a74

                    SHA512

                    2e3ced8e98c68a36944b6fb273c0839739b2c9e084ae6ea4c5b8f34d0ee2f179d1003356efb9ad264e71646d4ed5ccf78ccdc980a745752be2a70f0ea06cde71

                    Download Submit

                  • C:\Program Files\Windows Media Player\autorun.inf\desktop.ini
                    Filesize

                    65B

                    MD5

                    ad0b0b4416f06af436328a3c12dc491b

                    SHA1

                    743c7ad130780de78ccbf75aa6f84298720ad3fa

                    SHA256

                    23521de51ca1db2bc7b18e41de7693542235284667bf85f6c31902547a947416

                    SHA512

                    884cd0cae3b31a594f387dae94fc1e0aacb4fd833f8a3368bdec7de0f9f3dc44337c7318895d9549aad579f95de71ff45e1618e75065a04c7894ad1d0d0eac56

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\CQ.bat
                    Filesize

                    30B

                    MD5

                    458d6a0f8398f6fa8bda7bb2ba5be353

                    SHA1

                    eec02a1cf5047cee3d4dee32ef13498c49a61154

                    SHA256

                    66142298d915314ddb48b417e96b48936e71a190d8f7cd8ae5a053cbe2746ddc

                    SHA512

                    c4fad6cafa4b17da18f5beceb65f91414c9fa0774c99caeadc87bc44f5faee6425208c78f6f111bec71b2e0cf58922c4bb62a0e3247b2af7699113a76c11c730

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\CQ.bat
                    Filesize

                    30B

                    MD5

                    458d6a0f8398f6fa8bda7bb2ba5be353

                    SHA1

                    eec02a1cf5047cee3d4dee32ef13498c49a61154

                    SHA256

                    66142298d915314ddb48b417e96b48936e71a190d8f7cd8ae5a053cbe2746ddc

                    SHA512

                    c4fad6cafa4b17da18f5beceb65f91414c9fa0774c99caeadc87bc44f5faee6425208c78f6f111bec71b2e0cf58922c4bb62a0e3247b2af7699113a76c11c730

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\E_N4\Md5.fne
                    Filesize

                    28KB

                    MD5

                    992322b55f2684fe4c83b8e94dd54adb

                    SHA1

                    0990c5d0da44f3dfa45208c8d7d6ca27614dc165

                    SHA256

                    d3204ab23cfb93ec59c26624b46c436da7545bb91cbca0d9801b8e3ac0df3ead

                    SHA512

                    471ae13171f3f15f53126b04ada3157b4d194cec2d6b14502b1ea17962b163360f7e6a60187c1d15795c61955a64b19c1c68fcc5af6c7ee80ba3be6af1dcbf5b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne
                    Filesize

                    332KB

                    MD5

                    3102c454a9543e58fe3ad5f783f5a690

                    SHA1

                    dc98fe9c47b1b4123ebe5e0132c0ba2d391570e9

                    SHA256

                    039670ca85824d4850e737a308aa8e628c83551a21711d549b17068fbdb2d9d9

                    SHA512

                    5b3218804054f0a3c24f3705c4902f333db0fc7b39aa81c2b71fefa0bc7d2a2ded14a13ab01ef3627889ff167ee7f565401ad0e5b5c9697d40f14f67228b9807

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\E_N4\internet.fne
                    Filesize

                    192KB

                    MD5

                    c1180974dd8a7c6d9f8fcc13096b4f7a

                    SHA1

                    9d50021334248bf0c752b3ed34deed48325da05c

                    SHA256

                    5b1ff0cabb2384f4b6385c1acce1d5e3a9d7b8e0403e2224cd1ab9722a599d3d

                    SHA512

                    c8b938bf172b9d2ccfaea34ff7cfddc9eaab8a9416a07e458bd34dfed2ea18de66d23dbaa9f15c2faf1009e00a8dfca3168ab41f02ef28e97c9197c3ca6943e9

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
                    Filesize

                    1.0MB

                    MD5

                    4b30dbe1a79b2b7572ff637cb3765ced

                    SHA1

                    b08eba0e9bdb62d426db8d2b3d451152a56f79a1

                    SHA256

                    4208bdf90e97398a452d459d89562bda361bc6e911a385c4e31481a776f69e6d

                    SHA512

                    40e99c4a9d160a734a1675d75209dd88c7389c95cf0d0b6101f7e9edb2f3ebfe85e7170f0f4bae8a2e9533048bd5ecd414797b02ef257aecd90431f0c29ccfce

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\temp.bat
                    Filesize

                    72B

                    MD5

                    28b4bca46f12e840a196a027b05b1675

                    SHA1

                    3d1c1c0ac44bf8db45d579287dbd0ecc26ddcbfa

                    SHA256

                    aacf79a3eb763b78eccfe7ef16c9b4d80aa3bd07e70b2a87f6ba551bd78ea808

                    SHA512

                    22fe6b9a3b36b77b4ac39d2a96fd5a944bf756b885318f6410e1c57f79a27fa65aba1ec6e24fa7ab318330de24ab86b9327ed770480fe7c1188483a0033a207f

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\temp.bat
                    Filesize

                    72B

                    MD5

                    28b4bca46f12e840a196a027b05b1675

                    SHA1

                    3d1c1c0ac44bf8db45d579287dbd0ecc26ddcbfa

                    SHA256

                    aacf79a3eb763b78eccfe7ef16c9b4d80aa3bd07e70b2a87f6ba551bd78ea808

                    SHA512

                    22fe6b9a3b36b77b4ac39d2a96fd5a944bf756b885318f6410e1c57f79a27fa65aba1ec6e24fa7ab318330de24ab86b9327ed770480fe7c1188483a0033a207f

                    Download Submit

                  • \Program Files\Windows Media Player\a\b\9\d\b\5\f\a\1\5\6\2\e\c\8\f\5\d\6\3\2\c\b\5\c\b\2\6\9\3\a\4\autorun.inf\svchost.exe¡¡
                    Filesize

                    1.2MB

                    MD5

                    abf01f37f3233a446f1ba203d2c99e0f

                    SHA1

                    3fa185e11ee45123b113f67b2433217067724668

                    SHA256

                    b75a80fc32b8abfe0633d0616873e35beb70e59caaf06b54f4563fba2e908a74

                    SHA512

                    2e3ced8e98c68a36944b6fb273c0839739b2c9e084ae6ea4c5b8f34d0ee2f179d1003356efb9ad264e71646d4ed5ccf78ccdc980a745752be2a70f0ea06cde71

                    Download Submit

                  • \Program Files\Windows Media Player\a\b\9\d\b\5\f\a\1\5\6\2\e\c\8\f\5\d\6\3\2\c\b\5\c\b\2\6\9\3\a\4\autorun.inf\svchost.exe¡¡
                    Filesize

                    1.2MB

                    MD5

                    abf01f37f3233a446f1ba203d2c99e0f

                    SHA1

                    3fa185e11ee45123b113f67b2433217067724668

                    SHA256

                    b75a80fc32b8abfe0633d0616873e35beb70e59caaf06b54f4563fba2e908a74

                    SHA512

                    2e3ced8e98c68a36944b6fb273c0839739b2c9e084ae6ea4c5b8f34d0ee2f179d1003356efb9ad264e71646d4ed5ccf78ccdc980a745752be2a70f0ea06cde71

                    Download Submit

                  • \Users\Admin\AppData\Local\Temp\E_N4\Md5.fne
                    Filesize

                    28KB

                    MD5

                    992322b55f2684fe4c83b8e94dd54adb

                    SHA1

                    0990c5d0da44f3dfa45208c8d7d6ca27614dc165

                    SHA256

                    d3204ab23cfb93ec59c26624b46c436da7545bb91cbca0d9801b8e3ac0df3ead

                    SHA512

                    471ae13171f3f15f53126b04ada3157b4d194cec2d6b14502b1ea17962b163360f7e6a60187c1d15795c61955a64b19c1c68fcc5af6c7ee80ba3be6af1dcbf5b

                    Download Submit

                  • \Users\Admin\AppData\Local\Temp\E_N4\Md5.fne
                    Filesize

                    28KB

                    MD5

                    992322b55f2684fe4c83b8e94dd54adb

                    SHA1

                    0990c5d0da44f3dfa45208c8d7d6ca27614dc165

                    SHA256

                    d3204ab23cfb93ec59c26624b46c436da7545bb91cbca0d9801b8e3ac0df3ead

                    SHA512

                    471ae13171f3f15f53126b04ada3157b4d194cec2d6b14502b1ea17962b163360f7e6a60187c1d15795c61955a64b19c1c68fcc5af6c7ee80ba3be6af1dcbf5b

                    Download Submit

                  • \Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne
                    Filesize

                    332KB

                    MD5

                    3102c454a9543e58fe3ad5f783f5a690

                    SHA1

                    dc98fe9c47b1b4123ebe5e0132c0ba2d391570e9

                    SHA256

                    039670ca85824d4850e737a308aa8e628c83551a21711d549b17068fbdb2d9d9

                    SHA512

                    5b3218804054f0a3c24f3705c4902f333db0fc7b39aa81c2b71fefa0bc7d2a2ded14a13ab01ef3627889ff167ee7f565401ad0e5b5c9697d40f14f67228b9807

                    Download Submit

                  • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
                    Filesize

                    1.0MB

                    MD5

                    4b30dbe1a79b2b7572ff637cb3765ced

                    SHA1

                    b08eba0e9bdb62d426db8d2b3d451152a56f79a1

                    SHA256

                    4208bdf90e97398a452d459d89562bda361bc6e911a385c4e31481a776f69e6d

                    SHA512

                    40e99c4a9d160a734a1675d75209dd88c7389c95cf0d0b6101f7e9edb2f3ebfe85e7170f0f4bae8a2e9533048bd5ecd414797b02ef257aecd90431f0c29ccfce

                    Download Submit

                  • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
                    Filesize

                    1.0MB

                    MD5

                    4b30dbe1a79b2b7572ff637cb3765ced

                    SHA1

                    b08eba0e9bdb62d426db8d2b3d451152a56f79a1

                    SHA256

                    4208bdf90e97398a452d459d89562bda361bc6e911a385c4e31481a776f69e6d

                    SHA512

                    40e99c4a9d160a734a1675d75209dd88c7389c95cf0d0b6101f7e9edb2f3ebfe85e7170f0f4bae8a2e9533048bd5ecd414797b02ef257aecd90431f0c29ccfce

                    Download Submit

                  • memory/664-30-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-33-0x00000000003F0000-0x00000000003F1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/664-43-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-42-0x00000000002D0000-0x00000000002D2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/664-49-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-54-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-57-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-64-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-67-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-38-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-37-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-34-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-0-0x0000000000400000-0x0000000000473000-memory.dmp

                    Filesize

                    460KB

                    Download

                  • memory/664-146-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-36-0x00000000003F0000-0x00000000003F1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/664-44-0x00000000002D0000-0x00000000002D2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/664-153-0x00000000002D0000-0x00000000002D2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/664-209-0x0000000000400000-0x0000000000473000-memory.dmp

                    Filesize

                    460KB

                    Download

                  • memory/664-32-0x00000000002D0000-0x00000000002D2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/664-176-0x0000000005460000-0x00000000054D3000-memory.dmp

                    Filesize

                    460KB

                    Download

                  • memory/664-161-0x0000000005460000-0x00000000054D3000-memory.dmp

                    Filesize

                    460KB

                    Download

                  • memory/664-26-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-210-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-23-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-20-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-9-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-19-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/664-10-0x0000000001DE0000-0x0000000002E6E000-memory.dmp

                    Filesize

                    16.6MB

                    Download

                  • memory/1112-21-0x0000000000210000-0x0000000000212000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/1216-135-0x00000000003F0000-0x00000000003F2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/1216-202-0x00000000003F0000-0x00000000003F2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/1216-137-0x0000000000400000-0x0000000000401000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/1564-208-0x0000000000400000-0x0000000000473000-memory.dmp

                    Filesize

                    460KB

                    Download

                  • memory/1564-181-0x0000000002170000-0x00000000021D3000-memory.dmp

                    Filesize

                    396KB

                    Download

                  • memory/1564-163-0x0000000000400000-0x0000000000473000-memory.dmp

                    Filesize

                    460KB

                    Download

                  • memory/1732-200-0x0000000000010000-0x0000000000012000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/1732-162-0x0000000000080000-0x0000000000081000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/1732-175-0x0000000000010000-0x0000000000012000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/2580-178-0x00000000001F0000-0x00000000001F2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/2580-148-0x00000000001F0000-0x00000000001F2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/2580-145-0x0000000000200000-0x0000000000201000-memory.dmp

                    Filesize

                    4KB

                    Download