Overview

overview

10

Static

static

3

04a56891b3...25.exe

windows7-x64

10

04a56891b3...25.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16/02/2025, 02:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04a56891b310acf9bb0397f078f1ac1c117754423f6ebc76bd2b0c7182cf3825.exe

  • Size

    2.0MB

  • MD5

    190126600c4f0d6f6f75c7bd47081ce9

  • SHA1

    7fce3c146cb29413dcbe133013f7bf760fb3d6d1

  • SHA256

    04a56891b310acf9bb0397f078f1ac1c117754423f6ebc76bd2b0c7182cf3825

  • SHA512

    8ee42e579c04a085bca667cc797b07fe63e26d5379f95d15471c877f26e5f22fb478986c717ecb1871ccbb2758eea7f523f7ce0ab2231b358a17d41223f73384

  • SSDEEP

    49152:vD3uuvkus0w3aGun/cPBdj4i0XP3U5IX+3VfQ:vwqGdcJJX+lfQ

Score
10/10
amadeypovertystealer9c9aa5defense_evasiondiscoveryexecutionspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Detect Poverty Stealer Payload 1 IoCs
  • Poverty Stealer

    Poverty Stealer is a crypto and infostealer written in C++.

    stealerpovertystealer
  • Povertystealer family
    povertystealer
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    defense_evasion
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file 3 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 8 IoCs
  • Identifies Wine through registry keys 2 TTPs 2 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Loads dropped DLL 15 IoCs
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 4 IoCs
    defense_evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04a56891b310acf9bb0397f078f1ac1c117754423f6ebc76bd2b0c7182cf3825.exe
    "C:\Users\Admin\AppData\Local\Temp\04a56891b310acf9bb0397f078f1ac1c117754423f6ebc76bd2b0c7182cf3825.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Downloads MZ/PE file
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Users\Admin\AppData\Local\Temp\1079543001\d39WgNu.exe
        "C:\Users\Admin\AppData\Local\Temp\1079543001\d39WgNu.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2508
        • C:\Users\Admin\AppData\Local\Temp\1079543001\d39WgNu.exe
          "C:\Users\Admin\AppData\Local\Temp\1079543001\d39WgNu.exe"
          4⤵
          • Executes dropped EXE
          PID:2784
        • C:\Users\Admin\AppData\Local\Temp\1079543001\d39WgNu.exe
          "C:\Users\Admin\AppData\Local\Temp\1079543001\d39WgNu.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          PID:1912
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 524
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:1352
      • C:\Users\Admin\AppData\Local\Temp\1079996001\DpLKrVb.exe
        "C:\Users\Admin\AppData\Local\Temp\1079996001\DpLKrVb.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:600
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c cls
          4⤵
            PID:2228
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c cls
            4⤵
              PID:1132
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c cls
              4⤵
                PID:1076
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c cls
                4⤵
                  PID:1624
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c cls
                  4⤵
                    PID:1232
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c cls
                    4⤵
                      PID:2960
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c cls
                      4⤵
                        PID:1348
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /c cls
                        4⤵
                          PID:1612
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c cls
                          4⤵
                            PID:800
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c cls
                            4⤵
                              PID:1848
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /c cls
                              4⤵
                                PID:1696
                              • C:\Windows\system32\cmd.exe
                                C:\Windows\system32\cmd.exe /c cls
                                4⤵
                                  PID:2568
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /c cls
                                  4⤵
                                    PID:1668
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c cls
                                    4⤵
                                      PID:1356
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c cls
                                      4⤵
                                        PID:1396
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c cls
                                        4⤵
                                          PID:1840
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c cls
                                          4⤵
                                            PID:1616
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /c cls
                                            4⤵
                                              PID:2192
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /c powershell -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\MTSNT'"
                                              4⤵
                                                PID:1652
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  powershell -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\MTSNT'"
                                                  5⤵
                                                  • Command and Scripting Interpreter: PowerShell
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:2376
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /c powershell -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                                                4⤵
                                                  PID:3028
                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    powershell -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                                                    5⤵
                                                    • Command and Scripting Interpreter: PowerShell
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:692
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c powershell -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData'"
                                                  4⤵
                                                    PID:1676
                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      powershell -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData'"
                                                      5⤵
                                                      • Command and Scripting Interpreter: PowerShell
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:1284
                                                • C:\Users\Admin\AppData\Local\Temp\1080595001\w3Xwk4R.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\1080595001\w3Xwk4R.exe"
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • System Location Discovery: System Language Discovery
                                                  PID:1964
                                                  • C:\Windows\Temp\{FC93CC59-8DFD-4D1F-8F93-AC3E6FADCB24}\.cr\w3Xwk4R.exe
                                                    "C:\Windows\Temp\{FC93CC59-8DFD-4D1F-8F93-AC3E6FADCB24}\.cr\w3Xwk4R.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\1080595001\w3Xwk4R.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    PID:1232
                                                • C:\Users\Admin\AppData\Local\Temp\1081341001\0LGvvQO.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\1081341001\0LGvvQO.exe"
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  PID:1280

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              f25ee49ec9877f08de0239c8fd90452e

                                              SHA1

                                              333119c91729e50a7a532c8f7005dd64b8306ae6

                                              SHA256

                                              18dae79eeb83cf777c9ce0a96c751aa805f1088feacfc06c2f687eaa7adf7451

                                              SHA512

                                              45d263f8e2b0967a219fe8e64fe8676abea6ffc36515f797203363e3cecbd21fa5f84af9d78e663704e6d82791ca9b5ffb0fecc16f7e42767f171381b12bbd58

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\1079543001\d39WgNu.exe
                                              Filesize

                                              350KB

                                              MD5

                                              33146ba1e90018714c1efd329be01e5c

                                              SHA1

                                              0a187fd1917718ef135cbf89ec7803f78c9ed192

                                              SHA256

                                              1ed00e7cc3376be1502bbd36901fc1b3a79b32a2d41ad5638b004230ba8a32ef

                                              SHA512

                                              1e60ddbf36bd55de676dce183aa9e68a79a8b03a6d0bf19f550bbe44f057b2f828b21710ac8a1d61aad156b9e34b079b7a2dea2cb5cf84cfdcbe0ebde988b1b4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\1079996001\DpLKrVb.exe
                                              Filesize

                                              232KB

                                              MD5

                                              61df5bd677361765915aeee63c6b2b32

                                              SHA1

                                              b95821e718908535903ae4e9aee850af22a63206

                                              SHA256

                                              0d8a94a6639ce0c091363a25f027df4d30bb0b6d9d8a3039e931ad1f5c629480

                                              SHA512

                                              17e1d6860b74b159614dad61744c883469b7e8b3d4dd4c25e9ba64de5f2f1c2dcc213d581d5b1295b2d95f1e74cf89cbe96dcdec854e203a83cd173a9366c7fd

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\1080446001\qt7gC9n.exe
                                              Filesize

                                              246KB

                                              MD5

                                              cdbda55daf59939ee8c0f909abca760f

                                              SHA1

                                              a7c0aefc769a496632d3d11b0e2ef1fa6a2bd605

                                              SHA256

                                              01aa0ae24d4f4c0b9f60406de39ad8618d3438c32a05a3ffd14564769481e196

                                              SHA512

                                              ed7bf641cb08b27887a1f7e0821d06c2e3919774b20149d081257ed20d9249a907e739177466fcad9b9b2bf0549e6df3ff4ed846abfa1c27282a26c48fb755a0

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\1080595001\w3Xwk4R.exe
                                              Filesize

                                              1.9MB

                                              MD5

                                              6c3389d74cf7c9d6694befac6e2675eb

                                              SHA1

                                              c3ad8a55331fd2416b78c62371937de47cdc9816

                                              SHA256

                                              d03e1812722b8a8539d6612edabed331ea7430c536bf71c6a96fe8d2f084a5fa

                                              SHA512

                                              b96d68e8c2336536fa1685c159fed13e68e336b075e37806360b22bd270d85c5fba64e81c65854947109429bb0e8b662037eadaf0dfb734b8f869a7287070205

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\1081341001\0LGvvQO.exe
                                              Filesize

                                              29KB

                                              MD5

                                              eaddae635c1b70d129d6ba1821de7b6e

                                              SHA1

                                              c125eb40308cf1c80a6d58b7ffacef9a7319d608

                                              SHA256

                                              44db542e3271319c1c7d591169335e9eed8521d564bb578f3af3d3735b3b03d3

                                              SHA512

                                              52ee576cae6f66b256152ad4d3acf5d11620afec4d102d1080fcce6553baedcdb8e4a50a0642a82515de5d55a1042e959edd805ffb4f6931572781f09c8e3883

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\CabA823.tmp
                                              Filesize

                                              70KB

                                              MD5

                                              49aebf8cbd62d92ac215b2923fb1b9f5

                                              SHA1

                                              1723be06719828dda65ad804298d0431f6aff976

                                              SHA256

                                              b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                              SHA512

                                              bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\TarA836.tmp
                                              Filesize

                                              181KB

                                              MD5

                                              4ea6026cf93ec6338144661bf1202cd1

                                              SHA1

                                              a1dec9044f750ad887935a01430bf49322fbdcb7

                                              SHA256

                                              8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                              SHA512

                                              6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
                                              Filesize

                                              7KB

                                              MD5

                                              f7190a6a749f72785576d2ae4949da63

                                              SHA1

                                              834df2d2e0b142b16b2090c7a40fc1423cb5c842

                                              SHA256

                                              94992964301cece882a0972ca255396404d9bc1841478a3443076afaaf6e1c9b

                                              SHA512

                                              9cfe19965048db448380b14cc34f2fd7d5d43dd86f33452ba44cd4d800b5493bcabb35400116df62f39d4437e51d44eaf9175fd7e14439e5a19e8c0a33c45cfb

                                              Download Submit

                                            • \Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                              Filesize

                                              2.0MB

                                              MD5

                                              190126600c4f0d6f6f75c7bd47081ce9

                                              SHA1

                                              7fce3c146cb29413dcbe133013f7bf760fb3d6d1

                                              SHA256

                                              04a56891b310acf9bb0397f078f1ac1c117754423f6ebc76bd2b0c7182cf3825

                                              SHA512

                                              8ee42e579c04a085bca667cc797b07fe63e26d5379f95d15471c877f26e5f22fb478986c717ecb1871ccbb2758eea7f523f7ce0ab2231b358a17d41223f73384

                                              Download Submit

                                            • memory/692-127-0x000000001B700000-0x000000001B9E2000-memory.dmp

                                              Filesize

                                              2.9MB

                                              Download

                                            • memory/692-128-0x0000000002240000-0x0000000002248000-memory.dmp

                                              Filesize

                                              32KB

                                              Download

                                            • memory/1912-56-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1912-46-0x0000000000400000-0x000000000045F000-memory.dmp

                                              Filesize

                                              380KB

                                              Download

                                            • memory/1912-52-0x0000000000400000-0x000000000045F000-memory.dmp

                                              Filesize

                                              380KB

                                              Download

                                            • memory/1912-59-0x0000000000400000-0x000000000045F000-memory.dmp

                                              Filesize

                                              380KB

                                              Download

                                            • memory/1912-57-0x0000000000400000-0x000000000045F000-memory.dmp

                                              Filesize

                                              380KB

                                              Download

                                            • memory/1912-54-0x0000000000400000-0x000000000045F000-memory.dmp

                                              Filesize

                                              380KB

                                              Download

                                            • memory/1912-50-0x0000000000400000-0x000000000045F000-memory.dmp

                                              Filesize

                                              380KB

                                              Download

                                            • memory/1912-48-0x0000000000400000-0x000000000045F000-memory.dmp

                                              Filesize

                                              380KB

                                              Download

                                            • memory/2376-120-0x000000001B7C0000-0x000000001BAA2000-memory.dmp

                                              Filesize

                                              2.9MB

                                              Download

                                            • memory/2376-121-0x0000000001FF0000-0x0000000001FF8000-memory.dmp

                                              Filesize

                                              32KB

                                              Download

                                            • memory/2508-41-0x00000000002A0000-0x0000000000300000-memory.dmp

                                              Filesize

                                              384KB

                                              Download

                                            • memory/2944-114-0x0000000000DF1000-0x0000000000E59000-memory.dmp

                                              Filesize

                                              416KB

                                              Download

                                            • memory/2944-167-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-210-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-99-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-20-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-112-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-113-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-209-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-115-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-26-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-25-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-23-0x0000000000DF1000-0x0000000000E59000-memory.dmp

                                              Filesize

                                              416KB

                                              Download

                                            • memory/2944-208-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-207-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-134-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-169-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-148-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-168-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-163-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-164-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-165-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2944-166-0x0000000000DF0000-0x000000000129E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2976-18-0x0000000000A40000-0x0000000000EEE000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2976-3-0x0000000000A40000-0x0000000000EEE000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2976-4-0x0000000000A40000-0x0000000000EEE000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2976-2-0x0000000000A41000-0x0000000000AA9000-memory.dmp

                                              Filesize

                                              416KB

                                              Download

                                            • memory/2976-1-0x0000000077900000-0x0000000077902000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/2976-21-0x00000000070D0000-0x000000000757E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2976-22-0x0000000000A41000-0x0000000000AA9000-memory.dmp

                                              Filesize

                                              416KB

                                              Download

                                            • memory/2976-19-0x00000000070D0000-0x000000000757E000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download

                                            • memory/2976-0-0x0000000000A40000-0x0000000000EEE000-memory.dmp

                                              Filesize

                                              4.7MB

                                              Download