Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    100s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2024 13:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    944704d6eaf814cbeeb67c321251c959ec9bc6e0616aff436d1e17d5574d5353.exe

  • Size

    203KB

  • MD5

    eb016da9d7abf324a337572e29acabe3

  • SHA1

    d663cb7bb5db5304ff879c455a126936974cd9e3

  • SHA256

    944704d6eaf814cbeeb67c321251c959ec9bc6e0616aff436d1e17d5574d5353

  • SHA512

    14db0ef09d49ad3894a4af30134c5c1f6dbe102c56d0890a842c15775302ec4b10a9a07fb507d4e199adc7433c849489325e363f6baf38acb8f4a734d6154054

  • SSDEEP

    6144:LAZQlW4KTuGQo6H5DKN8zfygUvGlcEkLqiB3:kWlW4KaG7N8zfqvOeh

Score
10/10
djvugluptebalummasmokeloaderpub1backdoordiscoverydropperevasionloaderpersistenceransomwarespywarestealertrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Extracted

Family

djvu

C2

http://sajdfue.com/test1/get.php

Attributes
  • extension

    .vook

  • offline_id

    1eSPzWRaNslCgtjBZfL5pzvovoiaVI4IZSnvAwt1

  • payload_url

    http://sdfjhuz.com/dl/build2.exe

    http://sajdfue.com/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. Do not ask assistants from youtube and recovery data sites for help in recovering your data. They can use your free decryption quota and scam you. Our contact is emails in this text document only. You can get and look video overview decrypt tool: https://wetransfer.com/downloads/3ed7a617738550b0a00c5aa231c0752020240316170955/d71ce1 Price of private key and decrypt software is $999. Discount 50% available if you contact us first 72 hours, that's price for you is $499. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: support@freshingmail.top Reserve e-mail address to contact us: datarestorehelpyou@airmail.cc Your personal ID: 0857PsawqS

rsa_pubkey.plain

Extracted

Family

lumma

C2

https://resergvearyinitiani.shop/api

Signatures

  • Detected Djvu ransomware 9 IoCs
  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

    ransomwaredjvu
  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 1 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 7 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\944704d6eaf814cbeeb67c321251c959ec9bc6e0616aff436d1e17d5574d5353.exe
    "C:\Users\Admin\AppData\Local\Temp\944704d6eaf814cbeeb67c321251c959ec9bc6e0616aff436d1e17d5574d5353.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4568
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8C61.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Windows\system32\reg.exe
      reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
      2⤵
        PID:5908
    • C:\Users\Admin\AppData\Local\Temp\AB64.exe
      C:\Users\Admin\AppData\Local\Temp\AB64.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:5116
      • C:\Users\Admin\AppData\Local\Temp\AB64.exe
        C:\Users\Admin\AppData\Local\Temp\AB64.exe
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:832
        • C:\Windows\SysWOW64\icacls.exe
          icacls "C:\Users\Admin\AppData\Local\53323aa3-bcff-4f91-bef4-6695745fec05" /deny *S-1-1-0:(OI)(CI)(DE,DC)
          3⤵
          • Modifies file permissions
          PID:3816
        • C:\Users\Admin\AppData\Local\Temp\AB64.exe
          "C:\Users\Admin\AppData\Local\Temp\AB64.exe" --Admin IsNotAutoStart IsNotTask
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:3008
          • C:\Users\Admin\AppData\Local\Temp\AB64.exe
            "C:\Users\Admin\AppData\Local\Temp\AB64.exe" --Admin IsNotAutoStart IsNotTask
            4⤵
            • Executes dropped EXE
            PID:2888
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 568
              5⤵
              • Program crash
              PID:4508
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2888 -ip 2888
      1⤵
        PID:1592
      • C:\Users\Admin\AppData\Local\Temp\3565.exe
        C:\Users\Admin\AppData\Local\Temp\3565.exe
        1⤵
        • Executes dropped EXE
        PID:4068
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3F97.bat" "
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1936
        • C:\Windows\system32\reg.exe
          reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
          2⤵
            PID:2736
        • C:\Users\Admin\AppData\Local\Temp\758D.exe
          C:\Users\Admin\AppData\Local\Temp\758D.exe
          1⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:2740
          • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
            C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
            2⤵
              PID:4768
          • C:\Users\Admin\AppData\Local\Temp\9153.exe
            C:\Users\Admin\AppData\Local\Temp\9153.exe
            1⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2064
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -nologo -noprofile
              2⤵
              • Suspicious use of AdjustPrivilegeToken
              PID:5212
            • C:\Users\Admin\AppData\Local\Temp\9153.exe
              "C:\Users\Admin\AppData\Local\Temp\9153.exe"
              2⤵
                PID:3660
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  3⤵
                    PID:2240
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                    3⤵
                      PID:624
                      • C:\Windows\system32\netsh.exe
                        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                        4⤵
                        • Modifies Windows Firewall
                        PID:5792
                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      powershell -nologo -noprofile
                      3⤵
                        PID:3208
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                    • Modifies Installed Components in the registry
                    • Enumerates connected drives
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    PID:676
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:5176
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:4680
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:1388
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4068
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4524

                            Network

                            MITRE ATT&CK Matrix ATT&CK v13

                            Initial Access

                            Execution

                            Persistence

                            Boot or Logon Autostart Execution

                            2
                            T1547

                            Registry Run Keys / Startup Folder

                            2
                            T1547.001

                            Create or Modify System Process

                            1
                            T1543

                            Windows Service

                            1
                            T1543.003

                            Privilege Escalation

                            Boot or Logon Autostart Execution

                            2
                            T1547

                            Registry Run Keys / Startup Folder

                            2
                            T1547.001

                            Create or Modify System Process

                            1
                            T1543

                            Windows Service

                            1
                            T1543.003

                            Defense Evasion

                            Modify Registry

                            2
                            T1112

                            Impair Defenses

                            1
                            T1562

                            Disable or Modify System Firewall

                            1
                            T1562.004

                            File and Directory Permissions Modification

                            1
                            T1222

                            Credential Access

                            Unsecured Credentials

                            3
                            T1552

                            Credentials In Files

                            3
                            T1552.001

                            Discovery

                            Query Registry

                            5
                            T1012

                            System Information Discovery

                            4
                            T1082

                            Peripheral Device Discovery

                            2
                            T1120

                            Lateral Movement

                            Collection

                            Data from Local System

                            3
                            T1005

                            Exfiltration

                            Command and Control

                            Web Service

                            1
                            T1102

                            Impact

                            Resource Development

                            Reconnaissance

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                              Filesize

                              471B

                              MD5

                              59e81183e22d6940a35f6ed67fd7284f

                              SHA1

                              f89e79506bb55e28e917700270d43ced58a3f359

                              SHA256

                              1f5e75b95a0642292425b320843958d8f55ff50f8a5556ac85d325b14e62521d

                              SHA512

                              afffc6628906c57cf29ecac595978793c182389734178dc2c73bf839a42f877cd6541fd5419670b415f14ed7a3c3e0256b48f9f43636c2d96f513fe1d2326257

                              Download Submit
                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                              Filesize

                              412B

                              MD5

                              9ef41884b64a9364e7148f03fef07f1e

                              SHA1

                              49a551bcd0a11da8fd579ab1750b1bd2d1ee90c4

                              SHA256

                              1702f74485a32c3a75fe47241347118c72da60c0d8f257604f952bbad9738200

                              SHA512

                              2acfb11b2c5afa964e02335aa0d4934aa1a1849b02482696fb2e53d46bc2238a97aeb5a1ec5c9d590b4c1c25e18ee0b5571b2ad8ae3782050a8e433943fdedf8

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Temp\3565.exe
                              Filesize

                              6.5MB

                              MD5

                              9e52aa572f0afc888c098db4c0f687ff

                              SHA1

                              ef7c2bb222e69ad0e10c8686eb03dcbee7933c2b

                              SHA256

                              4a40f9d491f09521f4b0c6076a0eb488f6d8e1cf4b67aa6569c2ccce13556443

                              SHA512

                              d0991e682ae8c954721e905753b56c01f91b85313beb9996331793c3efa8acc13d574ef5ba44853ecc3e05822931ed655bad1924fa11b774a43e015f42185f62

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Temp\758D.exe
                              Filesize

                              30.6MB

                              MD5

                              ff35671d54d612772b0c22c141a3056e

                              SHA1

                              d005a27cd48556bf17eb9c2b43af49b67347cc0e

                              SHA256

                              2f625ea35f82332c639049c4a849f39cd2b74acb013880d156a2f647497c2512

                              SHA512

                              9a40a657f196036ef07c410db225f7a023f7299abc078cefd5d97489e7359ce9c640d72b98fedbf3f11ebaba1987b0acd5c7892b1ba5b5ae18709037df45790e

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Temp\8C61.bat
                              Filesize

                              77B

                              MD5

                              55cc761bf3429324e5a0095cab002113

                              SHA1

                              2cc1ef4542a4e92d4158ab3978425d517fafd16d

                              SHA256

                              d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a

                              SHA512

                              33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Temp\9153.exe
                              Filesize

                              4.1MB

                              MD5

                              f3023cf0027501c0057cc293d3c792ef

                              SHA1

                              fce12239da0220dde68c849b94d8c670af1b5e77

                              SHA256

                              7a61ec57a9de30633d3d8d8ce8708cc5c68179c2d42dd49dff3412914b9e52d5

                              SHA512

                              6dfb815413d92745c6845046be2f0ac6325d7ab7510e757916d9c116b144634785ee82d5fc07af7f46310d3bd5b09b8bc9c79aca9d0c0b09fd09f112099fba07

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Temp\AB64.exe
                              Filesize

                              732KB

                              MD5

                              749217bd5f268d2f54c5d02d627fe10e

                              SHA1

                              e81514968944cfbed9d6423511110b7b0c512427

                              SHA256

                              0b1256495e7d8847609ec5e99abe92c92a0126e7d54fbd1e862649f27699a5cc

                              SHA512

                              eb9df2906b2be66d9b0076d7aff44900dff0b76cf0fddc8b6da08084d53b05aacf2e09664a085a0f8358889a2f667811445b9fc10f0075ae1fdf879b97366388

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ykioacwz.ur2.ps1
                              Filesize

                              60B

                              MD5

                              d17fe0a3f47be24a6453e9ef58c94641

                              SHA1

                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                              SHA256

                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                              SHA512

                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                              Download Submit
                            • memory/832-24-0x0000000000400000-0x0000000000537000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/832-25-0x0000000000400000-0x0000000000537000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/832-26-0x0000000000400000-0x0000000000537000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/832-36-0x0000000000400000-0x0000000000537000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/832-22-0x0000000000400000-0x0000000000537000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/2064-347-0x0000000000400000-0x0000000000D1C000-memory.dmp
                              Filesize

                              9.1MB

                              Download
                            • memory/2740-417-0x00007FF7E7F60000-0x00007FF7E9EAC000-memory.dmp
                              Filesize

                              31.3MB

                              Download
                            • memory/2740-343-0x00007FF7E7F60000-0x00007FF7E9EAC000-memory.dmp
                              Filesize

                              31.3MB

                              Download
                            • memory/2888-45-0x0000000000400000-0x0000000000537000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/2888-43-0x0000000000400000-0x0000000000537000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/2888-42-0x0000000000400000-0x0000000000537000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/3008-39-0x0000000002220000-0x00000000022B4000-memory.dmp
                              Filesize

                              592KB

                              Download
                            • memory/3608-337-0x0000000002500000-0x0000000002501000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/3608-4-0x0000000004340000-0x0000000004356000-memory.dmp
                              Filesize

                              88KB

                              Download
                            • memory/4068-85-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-102-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-63-0x0000000003800000-0x0000000003801000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-64-0x0000000000AA0000-0x0000000001785000-memory.dmp
                              Filesize

                              12.9MB

                              Download
                            • memory/4068-65-0x0000000000AA0000-0x0000000001785000-memory.dmp
                              Filesize

                              12.9MB

                              Download
                            • memory/4068-66-0x0000000003810000-0x0000000003811000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-67-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-68-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-69-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-70-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-71-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-72-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-73-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-74-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-75-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-76-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-77-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-78-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-79-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-80-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-81-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-82-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-83-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-84-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-61-0x00000000037E0000-0x00000000037E1000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-86-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-91-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-92-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-93-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-94-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-95-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-98-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-97-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-100-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-99-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-96-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-101-0x0000000004480000-0x0000000004580000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4068-62-0x00000000037F0000-0x00000000037F1000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-103-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-106-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-104-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-105-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-107-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-108-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-109-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-110-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-111-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-112-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-113-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-114-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-115-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-116-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-117-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-118-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-119-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-120-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-121-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-122-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-123-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-124-0x0000000004580000-0x0000000004581000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-60-0x00000000037D0000-0x00000000037D1000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-59-0x00000000037A0000-0x00000000037A1000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-57-0x0000000003790000-0x0000000003791000-memory.dmp
                              Filesize

                              4KB

                              Download
                            • memory/4068-58-0x0000000000AA0000-0x0000000001785000-memory.dmp
                              Filesize

                              12.9MB

                              Download
                            • memory/4068-52-0x0000000000AA0000-0x0000000001785000-memory.dmp
                              Filesize

                              12.9MB

                              Download
                            • memory/4568-5-0x0000000000400000-0x0000000000536000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/4568-3-0x00000000005C0000-0x00000000005CB000-memory.dmp
                              Filesize

                              44KB

                              Download
                            • memory/4568-2-0x0000000000400000-0x0000000000536000-memory.dmp
                              Filesize

                              1.2MB

                              Download
                            • memory/4568-1-0x0000000000600000-0x0000000000700000-memory.dmp
                              Filesize

                              1024KB

                              Download
                            • memory/4768-414-0x0000000001070000-0x00000000010BB000-memory.dmp
                              Filesize

                              300KB

                              Download
                            • memory/4768-416-0x0000000001070000-0x00000000010BB000-memory.dmp
                              Filesize

                              300KB

                              Download
                            • memory/5116-20-0x0000000002290000-0x0000000002325000-memory.dmp
                              Filesize

                              596KB

                              Download
                            • memory/5116-21-0x0000000002330000-0x000000000244B000-memory.dmp
                              Filesize

                              1.1MB

                              Download