Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    100s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2024, 13:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    944704d6eaf814cbeeb67c321251c959ec9bc6e0616aff436d1e17d5574d5353.exe

  • Size

    203KB

  • MD5

    eb016da9d7abf324a337572e29acabe3

  • SHA1

    d663cb7bb5db5304ff879c455a126936974cd9e3

  • SHA256

    944704d6eaf814cbeeb67c321251c959ec9bc6e0616aff436d1e17d5574d5353

  • SHA512

    14db0ef09d49ad3894a4af30134c5c1f6dbe102c56d0890a842c15775302ec4b10a9a07fb507d4e199adc7433c849489325e363f6baf38acb8f4a734d6154054

  • SSDEEP

    6144:LAZQlW4KTuGQo6H5DKN8zfygUvGlcEkLqiB3:kWlW4KaG7N8zfqvOeh

Score
10/10
djvugluptebalummasmokeloaderpub1backdoordiscoverydropperevasionloaderpersistenceransomwarespywarestealertrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Extracted

Family

djvu

C2

http://sajdfue.com/test1/get.php

Attributes
  • extension

    .vook

  • offline_id

    1eSPzWRaNslCgtjBZfL5pzvovoiaVI4IZSnvAwt1

  • payload_url

    http://sdfjhuz.com/dl/build2.exe

    http://sajdfue.com/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. Do not ask assistants from youtube and recovery data sites for help in recovering your data. They can use your free decryption quota and scam you. Our contact is emails in this text document only. You can get and look video overview decrypt tool: https://wetransfer.com/downloads/3ed7a617738550b0a00c5aa231c0752020240316170955/d71ce1 Price of private key and decrypt software is $999. Discount 50% available if you contact us first 72 hours, that's price for you is $499. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0857PsawqS

rsa_pubkey.plain

Extracted

Family

lumma

C2

https://resergvearyinitiani.shop/api

Signatures

  • Detected Djvu ransomware 9 IoCs
  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

    ransomwaredjvu
  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 1 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 7 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\944704d6eaf814cbeeb67c321251c959ec9bc6e0616aff436d1e17d5574d5353.exe
    "C:\Users\Admin\AppData\Local\Temp\944704d6eaf814cbeeb67c321251c959ec9bc6e0616aff436d1e17d5574d5353.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4568
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8C61.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Windows\system32\reg.exe
      reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
      2⤵
        PID:5908
    • C:\Users\Admin\AppData\Local\Temp\AB64.exe
      C:\Users\Admin\AppData\Local\Temp\AB64.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:5116
      • C:\Users\Admin\AppData\Local\Temp\AB64.exe
        C:\Users\Admin\AppData\Local\Temp\AB64.exe
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:832
        • C:\Windows\SysWOW64\icacls.exe
          icacls "C:\Users\Admin\AppData\Local\53323aa3-bcff-4f91-bef4-6695745fec05" /deny *S-1-1-0:(OI)(CI)(DE,DC)
          3⤵
          • Modifies file permissions
          PID:3816
        • C:\Users\Admin\AppData\Local\Temp\AB64.exe
          "C:\Users\Admin\AppData\Local\Temp\AB64.exe" --Admin IsNotAutoStart IsNotTask
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:3008
          • C:\Users\Admin\AppData\Local\Temp\AB64.exe
            "C:\Users\Admin\AppData\Local\Temp\AB64.exe" --Admin IsNotAutoStart IsNotTask
            4⤵
            • Executes dropped EXE
            PID:2888
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 568
              5⤵
              • Program crash
              PID:4508
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2888 -ip 2888
      1⤵
        PID:1592
      • C:\Users\Admin\AppData\Local\Temp\3565.exe
        C:\Users\Admin\AppData\Local\Temp\3565.exe
        1⤵
        • Executes dropped EXE
        PID:4068
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3F97.bat" "
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1936
        • C:\Windows\system32\reg.exe
          reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
          2⤵
            PID:2736
        • C:\Users\Admin\AppData\Local\Temp\758D.exe
          C:\Users\Admin\AppData\Local\Temp\758D.exe
          1⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:2740
          • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
            C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
            2⤵
              PID:4768
          • C:\Users\Admin\AppData\Local\Temp\9153.exe
            C:\Users\Admin\AppData\Local\Temp\9153.exe
            1⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2064
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -nologo -noprofile
              2⤵
              • Suspicious use of AdjustPrivilegeToken
              PID:5212
            • C:\Users\Admin\AppData\Local\Temp\9153.exe
              "C:\Users\Admin\AppData\Local\Temp\9153.exe"
              2⤵
                PID:3660
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  3⤵
                    PID:2240
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                    3⤵
                      PID:624
                      • C:\Windows\system32\netsh.exe
                        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                        4⤵
                        • Modifies Windows Firewall
                        PID:5792
                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      powershell -nologo -noprofile
                      3⤵
                        PID:3208
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                    • Modifies Installed Components in the registry
                    • Enumerates connected drives
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    PID:676
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:5176
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:4680
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:1388
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4068
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4524

                            Network

                                  MITRE ATT&CK Enterprise v15

                                  Reconnaissance

                                  Resource Development

                                  Initial Access

                                  Execution

                                  Persistence

                                  Boot or Logon Autostart Execution

                                  2
                                  T1547

                                  Registry Run Keys / Startup Folder

                                  2
                                  T1547.001

                                  Create or Modify System Process

                                  1
                                  T1543

                                  Windows Service

                                  1
                                  T1543.003

                                  Privilege Escalation

                                  Boot or Logon Autostart Execution

                                  2
                                  T1547

                                  Registry Run Keys / Startup Folder

                                  2
                                  T1547.001

                                  Create or Modify System Process

                                  1
                                  T1543

                                  Windows Service

                                  1
                                  T1543.003

                                  Defense Evasion

                                  File and Directory Permissions Modification

                                  1
                                  T1222

                                  Impair Defenses

                                  1
                                  T1562

                                  Disable or Modify System Firewall

                                  1
                                  T1562.004

                                  Modify Registry

                                  2
                                  T1112

                                  Credential Access

                                  Unsecured Credentials

                                  3
                                  T1552

                                  Credentials In Files

                                  3
                                  T1552.001

                                  Discovery

                                  Peripheral Device Discovery

                                  2
                                  T1120

                                  Query Registry

                                  5
                                  T1012

                                  System Information Discovery

                                  4
                                  T1082

                                  Lateral Movement

                                  Collection

                                  Data from Local System

                                  3
                                  T1005

                                  Command and Control

                                  Web Service

                                  1
                                  T1102

                                  Exfiltration

                                  Impact

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                    Filesize

                                    471B

                                    MD5

                                    59e81183e22d6940a35f6ed67fd7284f

                                    SHA1

                                    f89e79506bb55e28e917700270d43ced58a3f359

                                    SHA256

                                    1f5e75b95a0642292425b320843958d8f55ff50f8a5556ac85d325b14e62521d

                                    SHA512

                                    afffc6628906c57cf29ecac595978793c182389734178dc2c73bf839a42f877cd6541fd5419670b415f14ed7a3c3e0256b48f9f43636c2d96f513fe1d2326257

                                    Download Submit

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                    Filesize

                                    412B

                                    MD5

                                    9ef41884b64a9364e7148f03fef07f1e

                                    SHA1

                                    49a551bcd0a11da8fd579ab1750b1bd2d1ee90c4

                                    SHA256

                                    1702f74485a32c3a75fe47241347118c72da60c0d8f257604f952bbad9738200

                                    SHA512

                                    2acfb11b2c5afa964e02335aa0d4934aa1a1849b02482696fb2e53d46bc2238a97aeb5a1ec5c9d590b4c1c25e18ee0b5571b2ad8ae3782050a8e433943fdedf8

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\3565.exe
                                    Filesize

                                    6.5MB

                                    MD5

                                    9e52aa572f0afc888c098db4c0f687ff

                                    SHA1

                                    ef7c2bb222e69ad0e10c8686eb03dcbee7933c2b

                                    SHA256

                                    4a40f9d491f09521f4b0c6076a0eb488f6d8e1cf4b67aa6569c2ccce13556443

                                    SHA512

                                    d0991e682ae8c954721e905753b56c01f91b85313beb9996331793c3efa8acc13d574ef5ba44853ecc3e05822931ed655bad1924fa11b774a43e015f42185f62

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\758D.exe
                                    Filesize

                                    30.6MB

                                    MD5

                                    ff35671d54d612772b0c22c141a3056e

                                    SHA1

                                    d005a27cd48556bf17eb9c2b43af49b67347cc0e

                                    SHA256

                                    2f625ea35f82332c639049c4a849f39cd2b74acb013880d156a2f647497c2512

                                    SHA512

                                    9a40a657f196036ef07c410db225f7a023f7299abc078cefd5d97489e7359ce9c640d72b98fedbf3f11ebaba1987b0acd5c7892b1ba5b5ae18709037df45790e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\8C61.bat
                                    Filesize

                                    77B

                                    MD5

                                    55cc761bf3429324e5a0095cab002113

                                    SHA1

                                    2cc1ef4542a4e92d4158ab3978425d517fafd16d

                                    SHA256

                                    d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a

                                    SHA512

                                    33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\9153.exe
                                    Filesize

                                    4.1MB

                                    MD5

                                    f3023cf0027501c0057cc293d3c792ef

                                    SHA1

                                    fce12239da0220dde68c849b94d8c670af1b5e77

                                    SHA256

                                    7a61ec57a9de30633d3d8d8ce8708cc5c68179c2d42dd49dff3412914b9e52d5

                                    SHA512

                                    6dfb815413d92745c6845046be2f0ac6325d7ab7510e757916d9c116b144634785ee82d5fc07af7f46310d3bd5b09b8bc9c79aca9d0c0b09fd09f112099fba07

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\AB64.exe
                                    Filesize

                                    732KB

                                    MD5

                                    749217bd5f268d2f54c5d02d627fe10e

                                    SHA1

                                    e81514968944cfbed9d6423511110b7b0c512427

                                    SHA256

                                    0b1256495e7d8847609ec5e99abe92c92a0126e7d54fbd1e862649f27699a5cc

                                    SHA512

                                    eb9df2906b2be66d9b0076d7aff44900dff0b76cf0fddc8b6da08084d53b05aacf2e09664a085a0f8358889a2f667811445b9fc10f0075ae1fdf879b97366388

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ykioacwz.ur2.ps1
                                    Filesize

                                    60B

                                    MD5

                                    d17fe0a3f47be24a6453e9ef58c94641

                                    SHA1

                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                    SHA256

                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                    SHA512

                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                    Download Submit

                                  • memory/832-24-0x0000000000400000-0x0000000000537000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/832-25-0x0000000000400000-0x0000000000537000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/832-26-0x0000000000400000-0x0000000000537000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/832-36-0x0000000000400000-0x0000000000537000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/832-22-0x0000000000400000-0x0000000000537000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/2064-347-0x0000000000400000-0x0000000000D1C000-memory.dmp

                                    Filesize

                                    9.1MB

                                    Download

                                  • memory/2740-417-0x00007FF7E7F60000-0x00007FF7E9EAC000-memory.dmp

                                    Filesize

                                    31.3MB

                                    Download

                                  • memory/2740-343-0x00007FF7E7F60000-0x00007FF7E9EAC000-memory.dmp

                                    Filesize

                                    31.3MB

                                    Download

                                  • memory/2888-45-0x0000000000400000-0x0000000000537000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/2888-43-0x0000000000400000-0x0000000000537000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/2888-42-0x0000000000400000-0x0000000000537000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/3008-39-0x0000000002220000-0x00000000022B4000-memory.dmp

                                    Filesize

                                    592KB

                                    Download

                                  • memory/3608-337-0x0000000002500000-0x0000000002501000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/3608-4-0x0000000004340000-0x0000000004356000-memory.dmp

                                    Filesize

                                    88KB

                                    Download

                                  • memory/4068-85-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-102-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-63-0x0000000003800000-0x0000000003801000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-64-0x0000000000AA0000-0x0000000001785000-memory.dmp

                                    Filesize

                                    12.9MB

                                    Download

                                  • memory/4068-65-0x0000000000AA0000-0x0000000001785000-memory.dmp

                                    Filesize

                                    12.9MB

                                    Download

                                  • memory/4068-66-0x0000000003810000-0x0000000003811000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-67-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-68-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-69-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-70-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-71-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-72-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-73-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-74-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-75-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-76-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-77-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-78-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-79-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-80-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-81-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-82-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-83-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-84-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-61-0x00000000037E0000-0x00000000037E1000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-86-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-91-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-92-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-93-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-94-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-95-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-98-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-97-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-100-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-99-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-96-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-101-0x0000000004480000-0x0000000004580000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4068-62-0x00000000037F0000-0x00000000037F1000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-103-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-106-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-104-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-105-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-107-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-108-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-109-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-110-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-111-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-112-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-113-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-114-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-115-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-116-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-117-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-118-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-119-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-120-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-121-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-122-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-123-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-124-0x0000000004580000-0x0000000004581000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-60-0x00000000037D0000-0x00000000037D1000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-59-0x00000000037A0000-0x00000000037A1000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-57-0x0000000003790000-0x0000000003791000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4068-58-0x0000000000AA0000-0x0000000001785000-memory.dmp

                                    Filesize

                                    12.9MB

                                    Download

                                  • memory/4068-52-0x0000000000AA0000-0x0000000001785000-memory.dmp

                                    Filesize

                                    12.9MB

                                    Download

                                  • memory/4568-5-0x0000000000400000-0x0000000000536000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/4568-3-0x00000000005C0000-0x00000000005CB000-memory.dmp

                                    Filesize

                                    44KB

                                    Download

                                  • memory/4568-2-0x0000000000400000-0x0000000000536000-memory.dmp

                                    Filesize

                                    1.2MB

                                    Download

                                  • memory/4568-1-0x0000000000600000-0x0000000000700000-memory.dmp

                                    Filesize

                                    1024KB

                                    Download

                                  • memory/4768-414-0x0000000001070000-0x00000000010BB000-memory.dmp

                                    Filesize

                                    300KB

                                    Download

                                  • memory/4768-416-0x0000000001070000-0x00000000010BB000-memory.dmp

                                    Filesize

                                    300KB

                                    Download

                                  • memory/5116-20-0x0000000002290000-0x0000000002325000-memory.dmp

                                    Filesize

                                    596KB

                                    Download

                                  • memory/5116-21-0x0000000002330000-0x000000000244B000-memory.dmp

                                    Filesize

                                    1.1MB

                                    Download