Overview

overview

10

Static

static

10

2025-03-30...er.exe

windows7-x64

10

2025-03-30...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/03/2025, 02:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-30_72c81db7f9436e4cf9412e713adcfcc1_bitrat_black-basta_coinminer_luca-stealer.exe

  • Size

    7.8MB

  • MD5

    72c81db7f9436e4cf9412e713adcfcc1

  • SHA1

    1ad4cb6d338ffb238fa5090b27785a73a5bf9b59

  • SHA256

    5b0bd0f788bfe6a0d0850dd8c7445f92f8c4b9d5567b1335a6e46b47d5e1e8e0

  • SHA512

    2e5fab88ff4717a32fed68f0612a4ae1e696f1103da36d01fc296708fb24e5543b84010ff26af31ef0b1eadb9b5a31d104d6fa2636877635e1dbf13ff5e38496

  • SSDEEP

    196608:CIRcbH4jSteTGvyxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfq:CdHsfuyxwZ6v1CPwDv3uFteg2EeJUO9d

Score
10/10
bitratdiscoverypersistencetrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

qt3t3vvvzk5g3lzzgbmw76pmgx4t6pxtaznbeoxa4g6qjgdtsvcph7ad.onion:80

Attributes
  • communication_password

    b8dae3b02dbd08727d3785c175a81d03

  • install_dir

    Microsoft Silverlight

  • install_file

    Microsoft Silverlight.exe

  • tor_process

    Runtime Broker

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Bitrat family
    bitrat
  • ACProtect 1.3x - 1.4x DLL software 7 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 29 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-30_72c81db7f9436e4cf9412e713adcfcc1_bitrat_black-basta_coinminer_luca-stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-30_72c81db7f9436e4cf9412e713adcfcc1_bitrat_black-basta_coinminer_luca-stealer.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe
      "C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3812
    • C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe
      "C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4992
    • C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe
      "C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1636
    • C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe
      "C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2932
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
    1⤵
      PID:1768
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
      1⤵
        PID:4828
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
        1⤵
          PID:3540
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
          1⤵
            PID:4172
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
            1⤵
              PID:4284
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
              1⤵
                PID:5012
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                1⤵
                  PID:2872
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                  1⤵
                    PID:5024
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                    1⤵
                      PID:4048
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                      1⤵
                        PID:2756
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                        1⤵
                          PID:4440
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                          1⤵
                            PID:1436
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                            1⤵
                              PID:2912
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                              1⤵
                                PID:2032
                              • C:\Windows\system32\cmd.exe
                                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                1⤵
                                  PID:3848
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                  1⤵
                                    PID:2572
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                    1⤵
                                      PID:3100
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                      1⤵
                                        PID:5064
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                        1⤵
                                          PID:2052
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                          1⤵
                                            PID:4852
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                            1⤵
                                              PID:208
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                              1⤵
                                                PID:1132
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                                1⤵
                                                  PID:1512
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                                  1⤵
                                                    PID:1560
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                                    1⤵
                                                      PID:1344
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                                      1⤵
                                                        PID:4004
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                                        1⤵
                                                          PID:3292
                                                        • C:\Windows\system32\cmd.exe
                                                          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft Silverlight\Microsoft Silverlight.exe
                                                          1⤵
                                                            PID:4776

                                                          Network

                                                          MITRE ATT&CK Enterprise v15

                                                          Replay Monitor

                                                          Loading Replay Monitor...

                                                          Downloads

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\Runtime Broker.exe
                                                            Filesize

                                                            973KB

                                                            MD5

                                                            5cfe61ff895c7daa889708665ef05d7b

                                                            SHA1

                                                            5e58efe30406243fbd58d4968b0492ddeef145f2

                                                            SHA256

                                                            f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

                                                            SHA512

                                                            43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\data\cached-certs
                                                            Filesize

                                                            15KB

                                                            MD5

                                                            2407df2ed72e915d670a4deb3e8a3290

                                                            SHA1

                                                            ca4414634fa71119343044558ef37153184a0ce8

                                                            SHA256

                                                            d9289c046b368a4ef90fdceeb7f56ba0483869e44d90520d0d1bc9913bcfc986

                                                            SHA512

                                                            e1b168355c789ac57a9f9b48f7ec445971986eb03a67d2c08e4def0781e763d317f76e3a49387f5dd2aa50f57f663d15cf9f847a0eeb5853e8ae73e0c289bce9

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\data\cached-microdesc-consensus.tmp
                                                            Filesize

                                                            3.1MB

                                                            MD5

                                                            355e41ffabcf2b867f2d2d2485d3e26f

                                                            SHA1

                                                            a432cb4f34f74332dda7662f58747f13309325a6

                                                            SHA256

                                                            713fb42dbcf0ebc1a7a6a46ef4d76ba8e083c5cd7a47ec35ee450297e8022395

                                                            SHA512

                                                            217d58d3e2a12e6db1417c21743b15ae0f0c8ab27b7af956ef7cdd81275e9842914b971df660f6572146e8f04eb53eebb05ccddda60b997774be51f5328ffec7

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\data\cached-microdescs
                                                            Filesize

                                                            28.3MB

                                                            MD5

                                                            145b899f3bfb7050438cfeab238e0689

                                                            SHA1

                                                            3e9e041ad3d51f26928b27ed1180d847a3b9aed2

                                                            SHA256

                                                            5917a13c87e2e2c01ae64bab8db70098c62ee2c9acd004582a2c1deca12428d7

                                                            SHA512

                                                            5152461fdd7b30b70e67aa4b0dde333172f18524799f486642a3a103e7644e666df7ccc8c12bfca67c0eb1bba2dd5d0a215743822c90ef7192d29e6184e005ac

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\data\cached-microdescs.new
                                                            Filesize

                                                            28.3MB

                                                            MD5

                                                            8f1677bf1862db0f769c3feddaf4903d

                                                            SHA1

                                                            969484cdc8fec5dcdd930a94eb11cfac0f33a649

                                                            SHA256

                                                            0dfddb36187e2205e026e7305473ab5772298627e7febb94d616008996aa3706

                                                            SHA512

                                                            8951b80d313ba3214209eefe8c4318694044cd1c12454d5dc30e73b750f11a9e92bf13249f03f7022fae227006fb337e53cb234600ec38dbc0c60b312e1cb8eb

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\data\state
                                                            Filesize

                                                            232B

                                                            MD5

                                                            83814fac272487ec92c821c80a11cbf7

                                                            SHA1

                                                            b5cf979042a8e49a9c5b08f4e79b534a234b16db

                                                            SHA256

                                                            d3c23cfc6791a70677e684c53cd82e96350509dd9e5073d7b8040e6b86c549eb

                                                            SHA512

                                                            0e3d0566fdc608ec935f2faea47b6a458e49ddcc2bf135c0d187999b2f17790e1e3e41455768dbff8f23437cb6ff8caa72c76eacea2e85550250d1244f95d6fb

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\data\state
                                                            Filesize

                                                            3KB

                                                            MD5

                                                            9d44f53ef19b89f1dbcd861e2be9bd9f

                                                            SHA1

                                                            542402476fd08f446544135ffabf79dbf9861146

                                                            SHA256

                                                            01a4e55fdff73a5e21bfbb09e3c1d495e230f90a1f84c051def40007bbb6b055

                                                            SHA512

                                                            8e27255d3483465a93f33628e1c93d19a9bb151a581527fc5f69073eb9babe0bfb09220717254546d02d58622611674f0f82efa33da8aef8c4a6f916293b31d5

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\data\state
                                                            Filesize

                                                            5KB

                                                            MD5

                                                            e63179a8947e3bf2700753f3ce39da83

                                                            SHA1

                                                            e2305cbc410ed5cb8f36497fe8848e89936bd854

                                                            SHA256

                                                            bc7d47b4ae3607abeca0c5d61540a05e0b41d4cdba8e394ff1f8a9a2df348aac

                                                            SHA512

                                                            9d0fc987abb58fff6e10b14ef543ccad3fb300adaa6036e5e18cd7be0601a2c68c5a2a92c5d29b101608dda3fdd14187fd96d7575cbc3a1036b80e3b43fbad56

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\libcrypto-1_1.dll
                                                            Filesize

                                                            1.7MB

                                                            MD5

                                                            2384a02c4a1f7ec481adde3a020607d3

                                                            SHA1

                                                            7e848d35a10bf9296c8fa41956a3daa777f86365

                                                            SHA256

                                                            c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

                                                            SHA512

                                                            1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\libevent-2-1-6.dll
                                                            Filesize

                                                            366KB

                                                            MD5

                                                            099983c13bade9554a3c17484e5481f1

                                                            SHA1

                                                            a84e69ad9722f999252d59d0ed9a99901a60e564

                                                            SHA256

                                                            b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

                                                            SHA512

                                                            89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\libgcc_s_sjlj-1.dll
                                                            Filesize

                                                            286KB

                                                            MD5

                                                            b0d98f7157d972190fe0759d4368d320

                                                            SHA1

                                                            5715a533621a2b642aad9616e603c6907d80efc4

                                                            SHA256

                                                            2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

                                                            SHA512

                                                            41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\libssl-1_1.dll
                                                            Filesize

                                                            439KB

                                                            MD5

                                                            c88826ac4bb879622e43ead5bdb95aeb

                                                            SHA1

                                                            87d29853649a86f0463bfd9ad887b85eedc21723

                                                            SHA256

                                                            c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

                                                            SHA512

                                                            f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\libssp-0.dll
                                                            Filesize

                                                            88KB

                                                            MD5

                                                            2c916456f503075f746c6ea649cf9539

                                                            SHA1

                                                            fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

                                                            SHA256

                                                            cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

                                                            SHA512

                                                            1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\libwinpthread-1.dll
                                                            Filesize

                                                            188KB

                                                            MD5

                                                            d407cc6d79a08039a6f4b50539e560b8

                                                            SHA1

                                                            21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

                                                            SHA256

                                                            92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

                                                            SHA512

                                                            378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\torrc
                                                            Filesize

                                                            157B

                                                            MD5

                                                            99be702e0dfdad852647530100615c9b

                                                            SHA1

                                                            5c7ebe18f0a11a471032bdba0b302e3a4e892109

                                                            SHA256

                                                            3a0f246e50342b586baf4485f4fb3041aedcc5be5f5f0bd4a2d88dbeaad87e82

                                                            SHA512

                                                            e61af6555caa87aa4fb097896ecc970ccfb3af5506219270d11b6fe50a4d17d3e6c48fd14351f843cbab1c505902b528147615b6486bb9f335e3dd6e6fc27452

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\347aaba3\tor\zlib1.dll
                                                            Filesize

                                                            52KB

                                                            MD5

                                                            add33041af894b67fe34e1dc819b7eb6

                                                            SHA1

                                                            6db46eb021855a587c95479422adcc774a272eeb

                                                            SHA256

                                                            8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

                                                            SHA512

                                                            bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

                                                            Download Submit

                                                          • memory/1636-223-0x0000000073D90000-0x0000000073E58000-memory.dmp

                                                            Filesize

                                                            800KB

                                                            Download

                                                          • memory/1636-222-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/1636-228-0x0000000073AA0000-0x0000000073B28000-memory.dmp

                                                            Filesize

                                                            544KB

                                                            Download

                                                          • memory/1636-229-0x0000000073E60000-0x000000007412F000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/1636-227-0x0000000073B30000-0x0000000073C3A000-memory.dmp

                                                            Filesize

                                                            1.0MB

                                                            Download

                                                          • memory/1636-226-0x0000000073C40000-0x0000000073C64000-memory.dmp

                                                            Filesize

                                                            144KB

                                                            Download

                                                          • memory/1636-225-0x0000000073C70000-0x0000000073CB9000-memory.dmp

                                                            Filesize

                                                            292KB

                                                            Download

                                                          • memory/1636-224-0x0000000073CC0000-0x0000000073D8E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                            Download

                                                          • memory/1636-236-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/1636-239-0x0000000073C40000-0x0000000073C64000-memory.dmp

                                                            Filesize

                                                            144KB

                                                            Download

                                                          • memory/1636-238-0x0000000073CC0000-0x0000000073D8E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                            Download

                                                          • memory/1636-237-0x0000000073D90000-0x0000000073E58000-memory.dmp

                                                            Filesize

                                                            800KB

                                                            Download

                                                          • memory/1636-248-0x0000000073E60000-0x000000007412F000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/1636-276-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/1700-289-0x00000000747A0000-0x00000000747D9000-memory.dmp

                                                            Filesize

                                                            228KB

                                                            Download

                                                          • memory/1700-201-0x00000000727B0000-0x00000000727E9000-memory.dmp

                                                            Filesize

                                                            228KB

                                                            Download

                                                          • memory/1700-176-0x0000000000400000-0x0000000000BD8000-memory.dmp

                                                            Filesize

                                                            7.8MB

                                                            Download

                                                          • memory/1700-202-0x0000000073690000-0x00000000736C9000-memory.dmp

                                                            Filesize

                                                            228KB

                                                            Download

                                                          • memory/1700-77-0x0000000000400000-0x0000000000BD8000-memory.dmp

                                                            Filesize

                                                            7.8MB

                                                            Download

                                                          • memory/1700-49-0x0000000073690000-0x00000000736C9000-memory.dmp

                                                            Filesize

                                                            228KB

                                                            Download

                                                          • memory/1700-180-0x0000000074BE0000-0x0000000074C19000-memory.dmp

                                                            Filesize

                                                            228KB

                                                            Download

                                                          • memory/1700-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

                                                            Filesize

                                                            7.8MB

                                                            Download

                                                          • memory/1700-118-0x0000000000400000-0x0000000000BD8000-memory.dmp

                                                            Filesize

                                                            7.8MB

                                                            Download

                                                          • memory/1700-119-0x00000000747A0000-0x00000000747D9000-memory.dmp

                                                            Filesize

                                                            228KB

                                                            Download

                                                          • memory/1700-52-0x0000000000400000-0x0000000000BD8000-memory.dmp

                                                            Filesize

                                                            7.8MB

                                                            Download

                                                          • memory/1700-128-0x0000000000400000-0x0000000000BD8000-memory.dmp

                                                            Filesize

                                                            7.8MB

                                                            Download

                                                          • memory/1700-1-0x0000000074BE0000-0x0000000074C19000-memory.dmp

                                                            Filesize

                                                            228KB

                                                            Download

                                                          • memory/2932-278-0x0000000073E60000-0x000000007412F000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/2932-277-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/2932-279-0x0000000073D90000-0x0000000073E58000-memory.dmp

                                                            Filesize

                                                            800KB

                                                            Download

                                                          • memory/2932-280-0x0000000073CC0000-0x0000000073D8E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                            Download

                                                          • memory/2932-281-0x0000000073C70000-0x0000000073CB9000-memory.dmp

                                                            Filesize

                                                            292KB

                                                            Download

                                                          • memory/2932-291-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/2932-294-0x0000000073CC0000-0x0000000073D8E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                            Download

                                                          • memory/2932-293-0x0000000073D90000-0x0000000073E58000-memory.dmp

                                                            Filesize

                                                            800KB

                                                            Download

                                                          • memory/2932-292-0x0000000073E60000-0x000000007412F000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/2932-284-0x0000000073AA0000-0x0000000073B28000-memory.dmp

                                                            Filesize

                                                            544KB

                                                            Download

                                                          • memory/2932-283-0x0000000073B30000-0x0000000073C3A000-memory.dmp

                                                            Filesize

                                                            1.0MB

                                                            Download

                                                          • memory/2932-282-0x0000000073C40000-0x0000000073C64000-memory.dmp

                                                            Filesize

                                                            144KB

                                                            Download

                                                          • memory/3812-82-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/3812-60-0x0000000073E80000-0x0000000073F08000-memory.dmp

                                                            Filesize

                                                            544KB

                                                            Download

                                                          • memory/3812-41-0x0000000073AA0000-0x0000000073D6F000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/3812-36-0x0000000073E80000-0x0000000073F08000-memory.dmp

                                                            Filesize

                                                            544KB

                                                            Download

                                                          • memory/3812-45-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/3812-46-0x0000000073F40000-0x0000000073F89000-memory.dmp

                                                            Filesize

                                                            292KB

                                                            Download

                                                          • memory/3812-48-0x0000000073F10000-0x0000000073F34000-memory.dmp

                                                            Filesize

                                                            144KB

                                                            Download

                                                          • memory/3812-47-0x0000000073F90000-0x0000000074058000-memory.dmp

                                                            Filesize

                                                            800KB

                                                            Download

                                                          • memory/3812-53-0x0000000074060000-0x000000007412E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                            Download

                                                          • memory/3812-37-0x0000000073D70000-0x0000000073E7A000-memory.dmp

                                                            Filesize

                                                            1.0MB

                                                            Download

                                                          • memory/3812-61-0x0000000073D70000-0x0000000073E7A000-memory.dmp

                                                            Filesize

                                                            1.0MB

                                                            Download

                                                          • memory/3812-31-0x0000000073F40000-0x0000000073F89000-memory.dmp

                                                            Filesize

                                                            292KB

                                                            Download

                                                          • memory/3812-30-0x0000000073F90000-0x0000000074058000-memory.dmp

                                                            Filesize

                                                            800KB

                                                            Download

                                                          • memory/3812-62-0x00000000012E0000-0x00000000015AF000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/3812-32-0x0000000073F10000-0x0000000073F34000-memory.dmp

                                                            Filesize

                                                            144KB

                                                            Download

                                                          • memory/3812-63-0x0000000073AA0000-0x0000000073D6F000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/3812-33-0x0000000074060000-0x000000007412E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                            Download

                                                          • memory/3812-143-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/3812-135-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/3812-120-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/3812-110-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/3812-98-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/3812-40-0x00000000012E0000-0x00000000015AF000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/3812-27-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/3812-65-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/4992-166-0x0000000073E60000-0x000000007412F000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/4992-165-0x0000000073AA0000-0x0000000073B28000-memory.dmp

                                                            Filesize

                                                            544KB

                                                            Download

                                                          • memory/4992-164-0x0000000073B30000-0x0000000073C3A000-memory.dmp

                                                            Filesize

                                                            1.0MB

                                                            Download

                                                          • memory/4992-182-0x0000000073CC0000-0x0000000073D8E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                            Download

                                                          • memory/4992-163-0x0000000073C40000-0x0000000073C64000-memory.dmp

                                                            Filesize

                                                            144KB

                                                            Download

                                                          • memory/4992-162-0x0000000073C70000-0x0000000073CB9000-memory.dmp

                                                            Filesize

                                                            292KB

                                                            Download

                                                          • memory/4992-161-0x0000000073CC0000-0x0000000073D8E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                            Download

                                                          • memory/4992-213-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/4992-160-0x0000000073D90000-0x0000000073E58000-memory.dmp

                                                            Filesize

                                                            800KB

                                                            Download

                                                          • memory/4992-179-0x0000000000040000-0x0000000000444000-memory.dmp

                                                            Filesize

                                                            4.0MB

                                                            Download

                                                          • memory/4992-191-0x0000000073E60000-0x000000007412F000-memory.dmp

                                                            Filesize

                                                            2.8MB

                                                            Download

                                                          • memory/4992-181-0x0000000073D90000-0x0000000073E58000-memory.dmp

                                                            Filesize

                                                            800KB

                                                            Download