Overview

overview

10

Static

static

3

77435dd40d...cf.exe

windows7-x64

10

77435dd40d...cf.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    23s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-12-2024 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77435dd40d7958451986fd967e883cfcec6e60a53e5ed61b871887b8ccf9d1cf.exe

  • Size

    2.3MB

  • MD5

    a2c9346724c49126940e5a6ef55e0b02

  • SHA1

    d906af9d21e28d9432456e92e090063504277477

  • SHA256

    77435dd40d7958451986fd967e883cfcec6e60a53e5ed61b871887b8ccf9d1cf

  • SHA512

    737f573b40c50694c566680b1544c14b603cf4fe816cd6734f6ca754f58f37bdd79befd197af63fb4cf673cec3cadbf91f96fdb266946bae9892a06ff1739567

  • SSDEEP

    49152:2Parn/x9Pwrn/POzMQGEvGH7DtN1dwQXalyJ3ns+Parn/x9Pwrn/POzMQGEvGH7k:brn/x9Pwrn/POzMQGEutNjwkaERszrnl

Score
10/10
salitybackdoorbootkitdiscoveryevasionpersistencetrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies firewall policy service 3 TTPs 6 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Sality family
    sality
  • UAC bypass 3 TTPs 2 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 12 IoCs
    evasiontrojan
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 64 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops autorun.inf file 1 TTPs 36 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file 38 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 60 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
      PID:792
    • C:\Windows\system32\fontdrvhost.exe
      "fontdrvhost.exe"
      1⤵
        PID:800
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        1⤵
          PID:380
        • C:\Windows\system32\sihost.exe
          sihost.exe
          1⤵
            PID:2652
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
            1⤵
              PID:2664
            • C:\Windows\system32\taskhostw.exe
              taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
              1⤵
                PID:2744
              • C:\Windows\Explorer.EXE
                C:\Windows\Explorer.EXE
                1⤵
                  PID:3504
                  • C:\Users\Admin\AppData\Local\Temp\77435dd40d7958451986fd967e883cfcec6e60a53e5ed61b871887b8ccf9d1cf.exe
                    "C:\Users\Admin\AppData\Local\Temp\77435dd40d7958451986fd967e883cfcec6e60a53e5ed61b871887b8ccf9d1cf.exe"
                    2⤵
                    • Modifies WinLogon for persistence
                    • Modifies firewall policy service
                    • UAC bypass
                    • Windows security bypass
                    • Loads dropped DLL
                    • Windows security modification
                    • Checks whether UAC is enabled
                    • Drops desktop.ini file(s)
                    • Writes to the Master Boot Record (MBR)
                    • Drops autorun.inf file
                    • Drops file in Program Files directory
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    • System policy modification
                    PID:2640
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\CQ.bat
                      3⤵
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:1256
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /im qq.exe /f
                        4⤵
                        • System Location Discovery: System Language Discovery
                        • Kills process with taskkill
                        PID:1844
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\temp.bat
                      3⤵
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:4428
                      • C:\Windows\SysWOW64\cacls.exe
                        cacls "C:\Program Files\Windows Media Player\0" /d everyone /e
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:4676
                    • C:\Program Files\Windows Media Player\0\e\e\3\7\c\c\5\a\d\e\1\1\9\e\3\b\3\c\8\c\0\2\1\a\2\f\1\6\8\b\4\autorun.inf\svchost.exe¡¡
                      "C:\Program Files\Windows Media Player\0\e\e\3\7\c\c\5\a\d\e\1\1\9\e\3\b\3\c\8\c\0\2\1\a\2\f\1\6\8\b\4\autorun.inf\svchost.exe¡¡" pid 2640"C:\Users\Admin\AppData\Local\Temp\77435dd40d7958451986fd967e883cfcec6e60a53e5ed61b871887b8ccf9d1cf.exe"
                      3⤵
                      • Modifies firewall policy service
                      • UAC bypass
                      • Windows security bypass
                      • Deletes itself
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Windows security modification
                      • Checks whether UAC is enabled
                      • Enumerates connected drives
                      • Drops autorun.inf file
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      • System policy modification
                      PID:4256
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                  1⤵
                    PID:3624
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                    1⤵
                      PID:3808
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3900
                      • C:\Windows\System32\RuntimeBroker.exe
                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                        1⤵
                          PID:3960
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4052
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            1⤵
                              PID:4100
                            • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                              "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                              1⤵
                                PID:5072
                              • C:\Windows\System32\RuntimeBroker.exe
                                C:\Windows\System32\RuntimeBroker.exe -Embedding
                                1⤵
                                  PID:3988

                                Network

                                MITRE ATT&CK Enterprise v15

                                Reconnaissance

                                Resource Development

                                Initial Access

                                Replication Through Removable Media

                                1
                                T1091

                                Execution

                                Persistence

                                Boot or Logon Autostart Execution

                                1
                                T1547

                                Winlogon Helper DLL

                                1
                                T1547.004

                                Create or Modify System Process

                                1
                                T1543

                                Windows Service

                                1
                                T1543.003

                                Pre-OS Boot

                                1
                                T1542

                                Bootkit

                                1
                                T1542.003

                                Privilege Escalation

                                Abuse Elevation Control Mechanism

                                1
                                T1548

                                Bypass User Account Control

                                1
                                T1548.002

                                Boot or Logon Autostart Execution

                                1
                                T1547

                                Winlogon Helper DLL

                                1
                                T1547.004

                                Create or Modify System Process

                                1
                                T1543

                                Windows Service

                                1
                                T1543.003

                                Defense Evasion

                                Abuse Elevation Control Mechanism

                                1
                                T1548

                                Bypass User Account Control

                                1
                                T1548.002

                                Impair Defenses

                                4
                                T1562

                                Disable or Modify System Firewall

                                1
                                T1562.004

                                Disable or Modify Tools

                                3
                                T1562.001

                                Modify Registry

                                6
                                T1112

                                Pre-OS Boot

                                1
                                T1542

                                Bootkit

                                1
                                T1542.003

                                Credential Access

                                Discovery

                                Peripheral Device Discovery

                                1
                                T1120

                                Query Registry

                                1
                                T1012

                                System Information Discovery

                                3
                                T1082

                                System Location Discovery

                                1
                                T1614

                                System Language Discovery

                                1
                                T1614.001

                                Lateral Movement

                                Replication Through Removable Media

                                1
                                T1091

                                Collection

                                Command and Control

                                Exfiltration

                                Impact

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Program Files\Windows Media Player\0\e\e\3\7\c\c\5\a\d\e\1\1\9\e\3\b\3\c\8\c\0\2\1\a\2\f\1\6\8\b\4\autorun.inf\svchost.exe¡¡
                                  Filesize

                                  2.3MB

                                  MD5

                                  a2c9346724c49126940e5a6ef55e0b02

                                  SHA1

                                  d906af9d21e28d9432456e92e090063504277477

                                  SHA256

                                  77435dd40d7958451986fd967e883cfcec6e60a53e5ed61b871887b8ccf9d1cf

                                  SHA512

                                  737f573b40c50694c566680b1544c14b603cf4fe816cd6734f6ca754f58f37bdd79befd197af63fb4cf673cec3cadbf91f96fdb266946bae9892a06ff1739567

                                  Download Submit

                                • C:\Program Files\Windows Media Player\autorun.inf\desktop.ini
                                  Filesize

                                  65B

                                  MD5

                                  ad0b0b4416f06af436328a3c12dc491b

                                  SHA1

                                  743c7ad130780de78ccbf75aa6f84298720ad3fa

                                  SHA256

                                  23521de51ca1db2bc7b18e41de7693542235284667bf85f6c31902547a947416

                                  SHA512

                                  884cd0cae3b31a594f387dae94fc1e0aacb4fd833f8a3368bdec7de0f9f3dc44337c7318895d9549aad579f95de71ff45e1618e75065a04c7894ad1d0d0eac56

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\0E577908_Rar\77435dd40d7958451986fd967e883cfcec6e60a53e5ed61b871887b8ccf9d1cf.exe
                                  Filesize

                                  1.1MB

                                  MD5

                                  1e76f7a593c48b9535b0fbdf30be48cf

                                  SHA1

                                  f77a1f0cc994f77c05b5f06fa74cbc7da7be7f45

                                  SHA256

                                  1837cd2ad72be689e9d707e9f6eceea8fe85bc73f41fac12243ab61ab074cf8a

                                  SHA512

                                  7080bb16b07caf6110f30eeb1a1e0ad3bf12189fee2afb6cb5a14f8a9211009ce816e3de4507d95cf006a1aef3e85d865552ef1eee6c0a524acdb3828cf5c04d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\CQ.bat
                                  Filesize

                                  30B

                                  MD5

                                  458d6a0f8398f6fa8bda7bb2ba5be353

                                  SHA1

                                  eec02a1cf5047cee3d4dee32ef13498c49a61154

                                  SHA256

                                  66142298d915314ddb48b417e96b48936e71a190d8f7cd8ae5a053cbe2746ddc

                                  SHA512

                                  c4fad6cafa4b17da18f5beceb65f91414c9fa0774c99caeadc87bc44f5faee6425208c78f6f111bec71b2e0cf58922c4bb62a0e3247b2af7699113a76c11c730

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\E_N4\Md5.fne
                                  Filesize

                                  28KB

                                  MD5

                                  992322b55f2684fe4c83b8e94dd54adb

                                  SHA1

                                  0990c5d0da44f3dfa45208c8d7d6ca27614dc165

                                  SHA256

                                  d3204ab23cfb93ec59c26624b46c436da7545bb91cbca0d9801b8e3ac0df3ead

                                  SHA512

                                  471ae13171f3f15f53126b04ada3157b4d194cec2d6b14502b1ea17962b163360f7e6a60187c1d15795c61955a64b19c1c68fcc5af6c7ee80ba3be6af1dcbf5b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne
                                  Filesize

                                  332KB

                                  MD5

                                  3102c454a9543e58fe3ad5f783f5a690

                                  SHA1

                                  dc98fe9c47b1b4123ebe5e0132c0ba2d391570e9

                                  SHA256

                                  039670ca85824d4850e737a308aa8e628c83551a21711d549b17068fbdb2d9d9

                                  SHA512

                                  5b3218804054f0a3c24f3705c4902f333db0fc7b39aa81c2b71fefa0bc7d2a2ded14a13ab01ef3627889ff167ee7f565401ad0e5b5c9697d40f14f67228b9807

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\E_N4\internet.fne
                                  Filesize

                                  192KB

                                  MD5

                                  c1180974dd8a7c6d9f8fcc13096b4f7a

                                  SHA1

                                  9d50021334248bf0c752b3ed34deed48325da05c

                                  SHA256

                                  5b1ff0cabb2384f4b6385c1acce1d5e3a9d7b8e0403e2224cd1ab9722a599d3d

                                  SHA512

                                  c8b938bf172b9d2ccfaea34ff7cfddc9eaab8a9416a07e458bd34dfed2ea18de66d23dbaa9f15c2faf1009e00a8dfca3168ab41f02ef28e97c9197c3ca6943e9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
                                  Filesize

                                  1.0MB

                                  MD5

                                  4b30dbe1a79b2b7572ff637cb3765ced

                                  SHA1

                                  b08eba0e9bdb62d426db8d2b3d451152a56f79a1

                                  SHA256

                                  4208bdf90e97398a452d459d89562bda361bc6e911a385c4e31481a776f69e6d

                                  SHA512

                                  40e99c4a9d160a734a1675d75209dd88c7389c95cf0d0b6101f7e9edb2f3ebfe85e7170f0f4bae8a2e9533048bd5ecd414797b02ef257aecd90431f0c29ccfce

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\temp.bat
                                  Filesize

                                  72B

                                  MD5

                                  593ce3f439bb49aa3ef95af11b146c18

                                  SHA1

                                  1475674af547f66b3de40d5afde11fcb558a53eb

                                  SHA256

                                  886e68d9e6edb3b9ed472e9990fb9b0822c3be5e4cf6066af986edfac465546b

                                  SHA512

                                  76378b3017f75e0dbbf03a8bedf12b5b80c2d5da7a108ab7024acbbb7deac44ed16e054b53e86f9c8aef210f3a9cb3d1d39e43a698281b92149501c39d863349

                                  Download Submit

                                • C:\Windows\SYSTEM.INI
                                  Filesize

                                  257B

                                  MD5

                                  dba70efe3bc432f992bda513f5fa122c

                                  SHA1

                                  e63ffe75a46b9c537786666f9619d0cf377ec481

                                  SHA256

                                  18fa5d09f27f82e0ab8b2f0d9bc66c5c5f143fab85998865db2f0788d92b88e2

                                  SHA512

                                  ba9f58df9a1cc89c275979483a4f253ed5266f9c123e0f016e0b7f7c974153e4487cfdfc704b4b7e4da7df38a2d23b59bb478d9847aa57686fa374e936377416

                                  Download Submit

                                • F:\fddgxl.exe
                                  Filesize

                                  100KB

                                  MD5

                                  1fca319ec73439b868be35499109e903

                                  SHA1

                                  0bd7f6b50bbb3f8b95b3b4ee5305b85921ed5801

                                  SHA256

                                  061e0a292bad6634f7e26b8c54f86e0e2ab03a9f0b14d01888099638a14427c5

                                  SHA512

                                  feb03120c2317fafdd9030580e9b4f499b7aa104df1606831d35738b83766a8d9fa0175e2d47cdfef4fdce0d47a0ff8d01250381c9aaf044bd575c326d694754

                                  Download Submit

                                • memory/2640-1-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-9-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-25-0x0000000003450000-0x0000000003452000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2640-5-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-16-0x0000000003450000-0x0000000003452000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2640-18-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-15-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-22-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-130-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-20-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-0-0x0000000000400000-0x0000000000474000-memory.dmp

                                  Filesize

                                  464KB

                                  Download

                                • memory/2640-19-0x0000000003450000-0x0000000003452000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2640-125-0x0000000003450000-0x0000000003452000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2640-133-0x0000000000400000-0x0000000000474000-memory.dmp

                                  Filesize

                                  464KB

                                  Download

                                • memory/2640-12-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-21-0x00000000021F0000-0x000000000327E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/2640-17-0x0000000003460000-0x0000000003461000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4256-142-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-172-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-145-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-156-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-147-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-157-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-159-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-162-0x0000000002900000-0x0000000002902000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/4256-158-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-161-0x0000000002910000-0x0000000002911000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4256-150-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-118-0x0000000002770000-0x00000000027D3000-memory.dmp

                                  Filesize

                                  396KB

                                  Download

                                • memory/4256-163-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-165-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-166-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-167-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-168-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-139-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-173-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-174-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-175-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-179-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-180-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-181-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-189-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-190-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-193-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-200-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-199-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-203-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-213-0x0000000002B20000-0x0000000003BAE000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4256-106-0x0000000000400000-0x0000000000474000-memory.dmp

                                  Filesize

                                  464KB

                                  Download

                                • memory/4256-241-0x0000000000400000-0x0000000000474000-memory.dmp

                                  Filesize

                                  464KB

                                  Download