Overview

overview

10

Static

static

3

6d32dfe6f6...db.exe

windows7-x64

10

6d32dfe6f6...db.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24-01-2025 10:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d32dfe6f6fd4b5bfb4269bcbc6685b39d12d96fd77b862c981da01243469edb.exe

  • Size

    716KB

  • MD5

    0fd8dfe492b9ddd2491d3e59d8fd8fb8

  • SHA1

    69dc45799b9b733937b3c3d271406b6d8a19630c

  • SHA256

    6d32dfe6f6fd4b5bfb4269bcbc6685b39d12d96fd77b862c981da01243469edb

  • SHA512

    407a85603880d3d6ce67c80e785239c92df7035d4b64007f1210e70df2d0a5a52d12e94534a7c59cf461c0c3d50511ecc4b14fe550c79098dd86d3e47fcbe5ab

  • SSDEEP

    12288:9Hg3POWGRghDRUi/KsDj+Ea/TjOebZ3f2yeDOUCVh7XLvd/:9HAOr2/jcbyAZfzv7t

Score
10/10
ramnitsalitybackdoorbankerdefense_evasiondiscoveryspywarestealertrojanupxworm

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Modifies firewall policy service 3 TTPs 3 IoCs
    defense_evasion
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Sality family
    sality
  • UAC bypass 3 TTPs 1 IoCs
    defense_evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    defense_evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Windows security modification 2 TTPs 7 IoCs
    defense_evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs
  • System policy modification 1 TTPs 1 IoCs
    defense_evasion

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1120
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1184
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1236
          • C:\Users\Admin\AppData\Local\Temp\6d32dfe6f6fd4b5bfb4269bcbc6685b39d12d96fd77b862c981da01243469edb.exe
            "C:\Users\Admin\AppData\Local\Temp\6d32dfe6f6fd4b5bfb4269bcbc6685b39d12d96fd77b862c981da01243469edb.exe"
            2⤵
            • Modifies firewall policy service
            • UAC bypass
            • Windows security bypass
            • Loads dropped DLL
            • Windows security modification
            • Checks whether UAC is enabled
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1252
            • C:\Users\Admin\AppData\Local\Temp\6d32dfe6f6fd4b5bfb4269bcbc6685b39d12d96fd77b862c981da01243469edbSrv.exe
              C:\Users\Admin\AppData\Local\Temp\6d32dfe6f6fd4b5bfb4269bcbc6685b39d12d96fd77b862c981da01243469edbSrv.exe
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3044
              • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                4⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:2788
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe"
                  5⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:2492
                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
                    6⤵
                    • System Location Discovery: System Language Discovery
                    • Modifies Internet Explorer settings
                    • Suspicious use of SetWindowsHookEx
                    PID:2260
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          1⤵
            PID:1288
          • C:\Windows\system32\conhost.exe
            \??\C:\Windows\system32\conhost.exe "1423069948-111353253025363591220905885823141143191315224668-873225371-211879618"
            1⤵
              PID:1980

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              c4c2bd3884295a0e0967b974e22c61bc

              SHA1

              74fe3856bfb1697ff9a8f44bf07ebf2104c1590d

              SHA256

              4ae5bc41b53260f39c05a424bc6d5ad826d7707f08e8121eef483c0b6dbe57f3

              SHA512

              2976e091fcfaca4cf9ef9ec859a83e045a358e42f186af9406c1900a997aab3bbdf91f6a3f1d48a899a2f9d2e15e6a70bbf4ccc4418383062807aecabe4f2ba3

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              79acafd18465db59a3e4c25286522e4b

              SHA1

              69cca5baddf09d45a736aaf8d920e8a96460e45b

              SHA256

              ba7ba4a4817868a3b77e70c4ddce5c557a80ad5c7157d26a694f5691eb4f9b6d

              SHA512

              e0bb41278922d1f41d7f2bf7626350850605fff21634d488455989756508b16a8dff42d0f2b57409a7a9c20616753dcd88678b6d8ac64955287ad4fbdfdc0f6b

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              5f80e99fe21906300c20d95ed50329c0

              SHA1

              7aaa2ee12a3cfb53c13dff9f0bdfe1b5fde3cd12

              SHA256

              f9c2955aec0a7e58636cafb3e9750673980068f7d3020e39e80926390ec56652

              SHA512

              3a6367195fb00963563b3e693aa95cfc84e683013cd620526793013352c7b27be91d27db38e356a86886927f767ed1680cb202218e92d779359f4a9c96316938

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              a192cf0cff7d1e4dad649b7317fbd634

              SHA1

              b59fdad3dc498cdad36bd4b506a4eb258994be28

              SHA256

              5255cf71336d770e2e053585fc659cfe382a21c67ad98c9bd53528b2d9e278d1

              SHA512

              dcab83b89d5dd80facdc09f5c0467ff0789398fab7a7c737213a5045aa99ba98a52c4b9a92c7214bdca955b4d69a2fb965f5f3d6acd0c091eda92198e42a2c0d

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              d2635e2d6e43023168e06c390d1e481b

              SHA1

              8b59ed16fd5a3e1906a254ebf2ba70e5353b25ed

              SHA256

              840b6b1e4fc18f2b52be97032816ab6f9209b0a8a61f9a69c7848c38672cb5b8

              SHA512

              7ee0a35f3219ed1f87108e39f16ec034e8ec4a9c90b6c95521e011ef949b04d786c0c26c275c18c4924f356020a8e30071d5776975f2ae507774f1e2e818c01c

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              dfd374db55d3da79415af1ddeabd98ad

              SHA1

              734bfef6480afaad221ad3dfae4b689f3bf69771

              SHA256

              a6c6acd3fa2f266aa8fdcdaa533fd67a531d15b46e0a314fc296e64154c5f58a

              SHA512

              183463ddd329d49cffee2cd12b32a77d9b2db4faa96194e0800408bb91265e89f58cdb48389cba2a9a0c23a7a6800f9c3a7140c6e598fa07520afa6be2288ea1

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              b7a1f6166852eb437301fe97f3dbfe4b

              SHA1

              b9c258f59dadce87c814af4a719c90d6e278024e

              SHA256

              fec0b9f1bbc923159195cdfa68bed9718d02c6bbd232e1452be95f0d76bc5e48

              SHA512

              0181be9f28916ebf8390612cfbe33c7170b8c690e9e650cd10da419cedb48ee78e9a9faeee7a176d00c95370ce0ca373e90e79e6bafa195aebc05b6ff295a937

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              b058094c98abab9fa767bee9a3e7540a

              SHA1

              37c030a0767294338bae762d2c7fe8653ccbd2a0

              SHA256

              30d00dc8922e91b09284f8269a703e29e0cd30478cae8c16bbeadaaac208a35e

              SHA512

              7cff5090a44abe1762c8b1fac97f6b3787078fc65ab202574f0c44f21d851fcf9867f358be8aa0ce657d2fa865cc2bebd94215c92d3a4477b18c22f73006cc95

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              47b2e22db5a9962c9b0e5905db3cc473

              SHA1

              248ba626886794d3d72f4ec2eda9e8c0089d72f4

              SHA256

              aa4d2ef103ec4d297b5d2b2959c34d5d2b9e55673e5fdb058bc802b225a69be7

              SHA512

              e4cf9dc9e9e0fd9a342f85c8eac007fed4270b67f64c2b61aca376358a2d387ca5465b23d2fd4cfd8671281d2109f028bdecd9371e16f3697fbc5c88aa250ba4

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              d515de2051c66aee04e6e16115029e01

              SHA1

              5218d3eae11677a98d83ddee410d2cf3911ea2a8

              SHA256

              170aa81479250a49bf153a833fa9a4d4ce9b1066cd82b8e64bab94cc35d11252

              SHA512

              92025ff117e4b9986cd27d7601430cab2f8f553f5eaaad74904378484db5fc684741099ee1217ddcf7ae0e08f6879abf5b4f9f33f928213792caea9e7423290a

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              08a90254cbc141a54681aff1f2a57529

              SHA1

              3fdd91dafc20dbb34749d8c89f87214e5b29c708

              SHA256

              1102fb14067963da24835124338184f7d6d6adcb5d002d968af3d2a26b41806c

              SHA512

              0cded7004259d2b4f36b9f7b2e7d84381dafd08debfb3477fbf9662c03d773259c7ea08deb054dfbb1341a72dbd798e0694f0fa8967e4d45b698068233f52cbf

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              ad5dbe02e8aa64f424c1b0e75eb21be0

              SHA1

              6ce484265c91060a660061f4f8dca7099f1d2a5a

              SHA256

              67089957ec5f7465687c5aef2fc032c140ff7bef2885f1e0c52af2b42800b189

              SHA512

              d51a41b75d17beae1e6205dd2a02a0303ceb74dc1aa85d5738ece0dbfc74fad7b994f1b0fdc35be9cade58c167ae580d7441d33cd8f0e63da0aadfd161064ad3

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              b39f85ea3ea4272e94fd20c81a4d50eb

              SHA1

              84ded255d6803ecc76559ea34f228ec7f7c4ebe9

              SHA256

              eb7a432c55a6c5e4a3e6d69928938bd165185e489dff9635c89f7fd1ec6af94d

              SHA512

              e3c71ce7ceb7f84a6dd8b601b9afbf0c55a5a99b89bd7d3bdd93a3dfb377181616cca706f4ea97a2b599333c25e38181701c03e6b1d0711924291507402be493

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              89bc3057e690d3c90705d911ed78ba81

              SHA1

              2fa5a2d857358df16575dd4f70e898b92740ae83

              SHA256

              ec7748796f36f5a3bcb73068a7a960985943b93d6b5666fb0ee61607197e673b

              SHA512

              45e2c34f84a199ab0c2977a1187fa8a55849cafc5017b4965b1e7e090549766217158e3877ba0e7595d94fb479876a65f375e35360bf0b5f6eaae94343787217

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              e5c0e4dd297018fc7d4e08fcfc6745c1

              SHA1

              2b03c8745a03e37c594abc8da2c3a2ea66d6317f

              SHA256

              6bdcac27de232b5f256474b524fcf9014439adf478f09396255d0d43903e23ea

              SHA512

              9113f3a69273019c0a899bd441db3ecb7899cfda876ed8cf7a7409778a3b333ac636ec27e01b4d362d5cfb9f4e35b55d342000676720b5e961547bc8e8157dcd

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              24538b83e46c54295527d9cb3ea8c168

              SHA1

              b09651f046fbd5a1ba377a3b051f3e9a34cc2e26

              SHA256

              f13c632aac9c55c778cc682b4ab28e51a8e2205d0b3cd43f0fe05661d2040d29

              SHA512

              15e64423a6ea59191fe12e95badbaa059b6a4677552a06b949230ab5256b780253c573e16b13d3ee243750fadb43051ad242f3066991e46fab3323c6bffb8181

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              5b0a004d8dfdcde96c246cbc5ad0e615

              SHA1

              41ec4f86261bacbc6921d01dcaa396066c7d6e26

              SHA256

              c86f3648ec4951710362e8c966ca107d16972daee753d84daa2a5747d6a2ba22

              SHA512

              691e33b0171a520ed750ef70b35396ecf6beb46d69b64104d03d17b5eeca13cad98cd040e9420131f6984d475727140c28b0bc6a8fde233b1b0f4140a41052b2

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              aab87e8dcb8420f899f76d6ae1f4b775

              SHA1

              1a6ea2c6274a524b023cca029eccd62ee11ccfaa

              SHA256

              f12c6ce3fc1357ed33fbe746c762cb2fd8bdac605f1fb79a25f0aa9ec0055afd

              SHA512

              3fd53ba345bab6b7bc1672425b67142f4346df4c94fe939ed126a248aa498d4b664d46e41e1ffc9e5b5ae4092d2d0e5e86aa9b03f5f1a7de091af3daa4cf3d2f

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              5bd76da70d58a1baa8626e7997876fb8

              SHA1

              f9125c40120ceeba5f62a5f089afa8e404c6ca77

              SHA256

              ac2dbc53f3c29317dbfc133b42637591be2af7d3b6da2587db2541494d62b764

              SHA512

              eac9d0b0577e7464939718f5b459f0110e291375b1ff95f1a4cf0c612709d75a6ea08801466d866b7d46bdfe03338d4e0cefc234a818d431e353f67e55b5abd1

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              53d5424602e1cf15820ad5fe7104c337

              SHA1

              1b56ac2ca17d8b0ad3c875c4ffe45ab6cb7bd251

              SHA256

              9650fd230361e8e42893b726d90d6ae177a06cfeb0229663633e5dae8b382c43

              SHA512

              a849162358550183dc6569fab433d84d92d1eb56b024497811811e12239c6b0a434d55c396a1d32e6644b3021c5363c30b6088422ae4105ecbf8123428369b77

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\6d32dfe6f6fd4b5bfb4269bcbc6685b39d12d96fd77b862c981da01243469edbSrv.exe
              Filesize

              55KB

              MD5

              ff5e1f27193ce51eec318714ef038bef

              SHA1

              b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

              SHA256

              fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

              SHA512

              c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\CabBDF4.tmp
              Filesize

              70KB

              MD5

              49aebf8cbd62d92ac215b2923fb1b9f5

              SHA1

              1723be06719828dda65ad804298d0431f6aff976

              SHA256

              b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

              SHA512

              bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\TarBEA4.tmp
              Filesize

              181KB

              MD5

              4ea6026cf93ec6338144661bf1202cd1

              SHA1

              a1dec9044f750ad887935a01430bf49322fbdcb7

              SHA256

              8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

              SHA512

              6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

              Download Submit

            • \Users\Admin\AppData\Local\Temp\pdk-Admin\0a319eb1d56bb802d29db7b0882b0d4b\perl58.dll
              Filesize

              796KB

              MD5

              0a319eb1d56bb802d29db7b0882b0d4b

              SHA1

              538b7d475d5a068b98afc6a98bef349d72b16d0f

              SHA256

              37c38a5e0d85cb10ff6f68829bc848b27f312e7d95d4c8edcc0fb85366477b7f

              SHA512

              e6b0f96b58da2e80ca729cb84489b1716e231ddeef66939c1762afc6b5d3914bfd6727041fc170e2f9964edb0b53bd3b4a8ef2fbb81289984898bd703b617ad8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\pdk-Admin\75f29543113df21eb90d1aefa0207222\Socket.dll
              Filesize

              32KB

              MD5

              75f29543113df21eb90d1aefa0207222

              SHA1

              48a224022b8a9c0a35e703adf26f87929395e6ee

              SHA256

              6a36a40cd624891dfea7131b62c5ee6fcb4cf5d3ba4022cc47a58486dd17b111

              SHA512

              39689701e0c051020285c76335c6164b57541a3c35d15048ce4606496fca3f237925a29489992181f61dc05beddb6f78114a759efcfebdd970aa94ed0a2c0e87

              Download Submit

            • memory/1120-31-0x00000000001D0000-0x00000000001D2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1252-24-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-15-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-26-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-16-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-70-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-71-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-73-0x00000000002C0000-0x00000000002C2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1252-87-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-86-0x0000000000400000-0x00000000004BA000-memory.dmp

              Filesize

              744KB

              Download

            • memory/1252-5-0x0000000000260000-0x000000000028E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/1252-19-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-25-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-40-0x00000000002C0000-0x00000000002C2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1252-41-0x00000000003F0000-0x00000000003F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1252-43-0x00000000003F0000-0x00000000003F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1252-8-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-69-0x00000000002C0000-0x00000000002C2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1252-23-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-56-0x0000000000400000-0x00000000004BA000-memory.dmp

              Filesize

              744KB

              Download

            • memory/1252-22-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-0-0x0000000000400000-0x00000000004BA000-memory.dmp

              Filesize

              744KB

              Download

            • memory/1252-27-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/1252-28-0x0000000001E70000-0x0000000002F2A000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/2788-66-0x0000000000400000-0x000000000042E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/2788-64-0x00000000001D0000-0x00000000001D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3044-50-0x0000000000240000-0x0000000000242000-memory.dmp

              Filesize

              8KB

              Download

            • memory/3044-49-0x0000000000290000-0x0000000000291000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3044-30-0x0000000000400000-0x000000000042E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/3044-60-0x0000000000240000-0x0000000000242000-memory.dmp

              Filesize

              8KB

              Download

            • memory/3044-29-0x0000000000230000-0x000000000023F000-memory.dmp

              Filesize

              60KB

              Download

            • memory/3044-7-0x0000000000400000-0x000000000042E000-memory.dmp

              Filesize

              184KB

              Download