Overview

overview

10

Static

static

3

ca97bd5dbb...09.dll

windows7-x64

10

ca97bd5dbb...09.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2025, 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca97bd5dbbcb449c0b49f54d9dceff863678578e2fb9293baa10e5790693cf09.dll

  • Size

    638KB

  • MD5

    51c8980f12f9f2c24350e5e06ffe8b2e

  • SHA1

    3aa5663d81eb8bae16e3217f206e38a3333e04c6

  • SHA256

    ca97bd5dbbcb449c0b49f54d9dceff863678578e2fb9293baa10e5790693cf09

  • SHA512

    e1638f95566c31c723cfc098690a2beff1eba0f292563ae082d603a5ce0d2b88ccec50abe17e4c42fa56677a588db19b5d9000843fd9a64851179bf29603f422

  • SSDEEP

    12288:TMFaRxiRVw4GEBkvkNbBUT29aCBYC8Hc/sdL9nHGqxHZC5gDG+pG/Y6:TMkxh49kvkNbHCW0d5HG0CeJgY6

Score
10/10
ramnitzloaderplspamplspambankerbotnetdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Extracted

Family

zloader

Botnet

PLSPAM

Campaign

PLSPAM

C2

http://marchadvertisingnetwork4.com/post.php

http://marchadvertisingnetwork5.com/post.php

http://marchadvertisingnetwork6.com/post.php

http://marchadvertisingnetwork7.com/post.php

http://marchadvertisingnetwork8.com/post.php

http://marchadvertisingnetwork9.com/post.php

http://marchadvertisingnetwork10.com/post.php
Attributes
  • build_id

    27

rc4.plain

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Zloader family
    zloader
  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca97bd5dbbcb449c0b49f54d9dceff863678578e2fb9293baa10e5790693cf09.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca97bd5dbbcb449c0b49f54d9dceff863678578e2fb9293baa10e5790693cf09.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1396
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2380
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1912
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2736
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2460
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2744
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec.exe
        3⤵
        • Adds Run key to start application
        • Blocklisted process makes network request
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cac8246c07f356063cdfcd6f8e048a2e

    SHA1

    4f32588e214caed43f19ab4c1afd2580c346210e

    SHA256

    4e50bb87c10210a3999a0355b3e72fd56c202165bd92108fb155c10cfe7a3d1b

    SHA512

    1e31e8dc13a801acf8ab2775a0eb64ae85fa9e21963667b0ba2fcb760b8e473927bf07234c68cf62831a82b06211c170a30a1038a030d5e1740118511cc8a4b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08e7b6932df470a5ed91971c26a2411c

    SHA1

    341b7a18d81157a3359f25be6c69f3214b13b08a

    SHA256

    e418086d37cd6f16916717c01d57c958f0cd95ce9d90dd96bd211019b030a820

    SHA512

    8d6267a6b1c153f50cf6edb8cc55078e5eb4bdd236eeb1e68c28220a5691f09e8d301e50c662b0f80822c7078570302bc6a96202ae52f3365770ffdfdc6b2fb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48dd86be7b3ef29baee0dfb1a4f6b442

    SHA1

    be32339c43a9562f3238575f695ba388c56abe42

    SHA256

    f02c40d3312fbab12a85dc95f8a517d0088bebdee6ad515bfe7977b99b9af12b

    SHA512

    aa6629c7ba1de232a1296841cc80d65157d5a8a7a88e903dfbfaf5f3fb7fb605b45c5c5d3f7484ee77b7ec59cce4c34547562fab351b68a5df5eb06759c920c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d16258f501cf297cfad02c4a1515df7

    SHA1

    09bab640b37dfa74407475604099a8a8871b6580

    SHA256

    9420315d15a83098272585cdb8327dd4b12d76ee4d85e2b9c9834f5821a64836

    SHA512

    4cdc9c7ae6de01f69b78328ba746d1a287dccb8dda361091c6c270a7b0626985ccc510f1f87fe3bd449c7918887cb2c49c41e095eddf457670cc4ad3da1f1198

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28b2cf61b6efc6ee0807d76204b9fcdd

    SHA1

    84d89a6dd0f62e0fe16822d9d26d9eb1bb72689f

    SHA256

    a38e5988209251cf196b05540328fc9ba99942858059949bc2ea88427acb532f

    SHA512

    b6cf2019acd17aeb8c253e6542aac4afcb7d98ea9743d24f5081a8830ea635c8e63afa5b15cd5175901247db583240fdfc955cde943cbbf733db1264d0335ca2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3375ba062228a3249d2e729d2713acc

    SHA1

    2d760423370573c4e22f480da2ba288acaec5c97

    SHA256

    207adf65f156ace83a0882e16b7971d018685ce1eaa8a2c95d13f27b48781941

    SHA512

    52a8897951b8b148a5e2ab6b8cc64743c9d1eb96c75bdf8f31b205e698420071dda89de92a42470fdb8e06ef833e4bb628daf42998441eb719adf7e8600c4ead

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f5de259bdad18b5fa0b8c37aa464793

    SHA1

    2c3ca62f3db43a1d3e5b733b5347c17bc700a496

    SHA256

    10f177183fc32f99a2d774d985b1f2a73c785f59a85142eb41bd57e90d1fc4c7

    SHA512

    b795a292b6a7e02701e3651d8168b06583ed52211c9a9bb6bd69a63b0d7c591a79d5fceba09e05f9ce4e947d0313be69d24921448db89a98740a459d02120de3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0e2113c8e9b844f844cee92d738fa63

    SHA1

    09d2bd5500f0e19aecae0519bceb424c5ddccaf8

    SHA256

    95eb6b64587c9cadb3a2ad63a7de79cd2a5abc08e430f07818a355da65fc98df

    SHA512

    2c7d4beca42713da4b61b7d7824cba28ec06eb3b1daaaf32219a397bdf217516bd3a2d4fe169a6e67f8cc68fb1a1845a008bab604a2d481bfe4bcea142dfacc1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3867de96c8490937683a9a507c1816f6

    SHA1

    87422fbbc6c1b1440a218406e7f67876431916ca

    SHA256

    18eff6c3a588785f8b15926040e014fbfe5835c278e93cb8fa94a4d699723de3

    SHA512

    c132191f9c4ebf39790d83789375ed5f4df23d2e721c86c77cb954b44565f62293ed0d6eab35f2abee33e6eb20c4b9a20c8291f936c3208981c2b1134bc7bd53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a111b6d72b554521f2964620281d49db

    SHA1

    74d31ae1f74f49749a9b6a177e3937d66025fa08

    SHA256

    b85c43921cf4c28cab52d4e768fcf8c9b398a7219ef4a3bbfb04740a4513797f

    SHA512

    215d4867f158aa247407012fe1bbc2bc8ec5a69ddfe5f707a25dc24cfcedf215947074b8bd11d1eb82632b7887cbc0429dbc1c41c026c271be57e47044aa4f2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    510a69b5df613b6035f5967e02da5a2a

    SHA1

    dbef5b45d2710f2f7cb2aaa589d371dd5a6912e4

    SHA256

    c33ecd1f0708d019eb852f121677b3cff817d987784d88884b63e3eb41d9d7ad

    SHA512

    0c872101b7a78e86fe511225c89a06b8d4463a393cfa5bcfc58a4e91bfc31e56f02a2b72a1d934ee738b1e9708753e82bfe2069bf53446d01738aa1b0e6315bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2edc9e760393ca4da9fb158cc73051db

    SHA1

    bc9f0fc0b46e49f58faf78075391851818371da4

    SHA256

    983d7a6449176f43d88a72c8d3fc2df94b8152bb4a67c016c8530ca11e2c6582

    SHA512

    0bdeb4eb03ad5945c87fd7a7b7ba010f5e017539fd1ba3ad8ce79bc459b556387fea4392bbb46fd2d5c1a6cf0d3d02ff7bbb256899dce230c785bb261abbe1c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ed947050e01ae3076eb3450f7ed5927

    SHA1

    0d14c8996583c57bf3e559d2d22b481ce7700aa0

    SHA256

    30014e3f9a8cb85c3cdc1156152f37c66104ef30ee4107879b72e616a3520b94

    SHA512

    b1c1727d6991d42395537e9078c2d3b1443b00f30920d37f8afe5a122ae2986052579c39cf669159f936cfc9d26347043fbc7b3b828096c5d5b07725312f53bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5dd029a483f4286ebca5f05b4062f0bd

    SHA1

    e7d22641e37e9aedfeec5b6019715f033d0e5a79

    SHA256

    585e43cf2048f72befae1c46847e0526b9e0238384e6489c0983cab2ef8e3497

    SHA512

    1ae3bfb4d22c042c754f7a8f4b6047c27e53b8a240c524450ce6277c672b45bd74898cc1da0b9b03ca71715d02e544602d9cd54098d39a5ad49c23188f55d430

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    27371b7132aa3d72345728e0fd6f96d6

    SHA1

    4bde394e5c6ac6bd5dce13ce76982583a6497342

    SHA256

    d64704bd44d567f01cd537d836dbd9f76ae03ecba6112568352ccd5286239085

    SHA512

    d8a81adad99bb1941c4543ea19ba680ea4875bf2b6397ae06d8fc8df085434a0c9d54c7b6c0bfcb5854f79a0350d496cfe8949a57f41823e555822662fbb4b24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5844cd05fd76cea4b9c6d74c9b32924

    SHA1

    b7d3f397a71f390ec9aea38875f09ef7b51726f2

    SHA256

    d2355297f91024954ec002dc501c4fb0e75a872e751b313a2600d9fd9ca5dbb3

    SHA512

    9cac460594cb57086d4b7b61f245fa6ff896fb90700caf7d53dd52805a2d2339f619e516795877f3704a3a0c70aa83c6a878838bbc3b599c86f50c1ff829ef6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a1cb80fd6ebe36bdbc3f3125a143069f

    SHA1

    1daad3e53b259d46f6a883f136e5721740b715c9

    SHA256

    e5eb585783b8bec29040e7aabd2de54508243b3d0849c6c14bac7a1c54dc4505

    SHA512

    e05785ffd8838f2280be19bd8ba0997451f4f5cd1e679cca5bb10f2eac7ecaf5aa13186a71433963ad4edb0861fc43ce073e48f2bd75a4b2365725d82c8e5349

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a196ec60e1f2146203fb16280c5caae7

    SHA1

    f7d52c78fbd95828487c83d4e71a28a2b6434788

    SHA256

    9a8bad05249bf820d539d53b4769c520bb95bfd337a30a77665ddfadddb5ad95

    SHA512

    6ad09fad4a332b3a72ef59c150eaadafe1006bd7a5911b58a9fe6e3430ec04ed474a114ef205f8fca5763a62218eef5b77e89e0c614939714f26d0a8d60ad6e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de2507c07de4bc8534d30cf5c61f1c4f

    SHA1

    4223d6e0e4e27346bc2364efa34f8d6db5649120

    SHA256

    956e128598ea7561f18aaffc3f6ff9a1726ecdd1d0b3c180b7c7c30696dd73d6

    SHA512

    3f804246ffa733f690fa13c9ba33b56cfc8d7c156dd273d48a6f8a854202182399407746c61dac310990dd8899dfd79da41c198782bfae8ae670e69fdf08bcb0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{47312941-F57D-11EF-B9F2-E62D5E492327}.dat
    Filesize

    5KB

    MD5

    e4e6bb2c0b5eb878c3fdc8d16046efc4

    SHA1

    5fad8a8c0b2f16cd4351f8c1297513bc6eafa018

    SHA256

    eb3cefecaf2077e96e8bbe7d9405bd7bf68f40fbd34aacac4ae977efe5da075d

    SHA512

    c92d4bda0fa6fe25c709019bdc854bee1554f7ec323e176e368a8d17883428fde6ce61f7512e880117c44db9404bd63ed2ed515f9f6282e19fae2042debe3213

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{47315051-F57D-11EF-B9F2-E62D5E492327}.dat
    Filesize

    5KB

    MD5

    a4fc6dc11e2b7dda425a7a23afb9c550

    SHA1

    9d5fe41635ee5c873d01e36cb2119aa66cceb0d6

    SHA256

    725899a164de5a4432d6ad1c8417c30f5df19d321400ec5ecdee233bcbd7ed65

    SHA512

    b1400e49b9cdb86370ab64151b7a86b9cc453143b33834565006a8c0f67c1060655e6248be3f4bce4885b458183373786e570594eab75016d45d108c7cb5a3f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB6D4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB803.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    d5ca6e1f080abc64bbb11e098acbeabb

    SHA1

    1849634bf5a65e1baddddd4452c99dfa003e2647

    SHA256

    30193b5ccf8a1834eac3502ef165350ab74b107451145f3d2937fdf24b9eceae

    SHA512

    aa57ce51de38af6212d7339c4baac543a54b0f527621b0ef9e78eca5e5699e8508a154f54f8ac04135527d8417275eeee72a502a362547575699330cc756b161

    Download Submit

  • memory/1396-511-0x00000000750F0000-0x00000000751B0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/1396-10-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1396-11-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1396-498-0x0000000075172000-0x0000000075175000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1396-499-0x00000000750F0000-0x00000000751B0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/1396-500-0x00000000750F0000-0x00000000751B0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/1396-501-0x00000000750F0000-0x00000000751B0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/1396-502-0x0000000075172000-0x0000000075175000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1396-9-0x00000000750F0000-0x00000000751B0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/1396-8-0x00000000750D0000-0x0000000075190000-memory.dmp

    Filesize

    768KB

    Download

  • memory/1396-7-0x0000000075190000-0x0000000075250000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2380-17-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2380-23-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2380-19-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2380-13-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2380-15-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2380-18-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-16-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-512-0x00000000000F0000-0x0000000000120000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2704-509-0x00000000000F0000-0x0000000000120000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2704-507-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-505-0x00000000000F0000-0x0000000000120000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2704-948-0x00000000000F0000-0x0000000000120000-memory.dmp

    Filesize

    192KB

    Download