masslogger | 1f1e1c079253f774dc02a7ff4e103a781573288802ba8c87af6790626fbcfca6

Resubmissions

16-06-2020 09:51

200616-esgd48lx3e 10

26-05-2020 12:05

200526-67qev7hzae 10

Analysis

max time kernel
141s
max time network
136s
platform
windows7_x64
resource
win7v200430
submitted
26-05-2020 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZIRAT BANKA.IFT MESAJI.exe
Size

1.2MB
MD5

96463f1796847224b85a96752b59ff17
SHA1

ca05cf6c0eac29a22d1296a15804cec36a908347
SHA256

1f1e1c079253f774dc02a7ff4e103a781573288802ba8c87af6790626fbcfca6
SHA512

cd27c0801d2d33ddb0ce26a769fd51e844f8ac7301079afab3c786822c529cb924b7db7e4a1992af77edf011ad4ffd586191a8754ca3738846605eb67acf3f5c

Score

10^/10

ransomware stealer spyware masslogger

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/26/2020 2:07:04 PM MassLogger Started: 5/26/2020 2:07:03 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Signatures

Loads dropped DLL 1 IoCs

Processes:

ZIRAT BANKA.IFT MESAJI.exe

pid process

1092 ZIRAT BANKA.IFT MESAJI.exe
MassLogger log file 1 IoCs
Detects a log file produced by MassLogger.

Processes:

yara_rule

masslogger_log_file
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

2 api.ipify.org
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

ZIRAT BANKA.IFT MESAJI.exeInstallUtil.exe

description pid process

Token: SeDebugPrivilege 1092 ZIRAT BANKA.IFT MESAJI.exe
Token: SeDebugPrivilege 1784 InstallUtil.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

ZIRAT BANKA.IFT MESAJI.exeInstallUtil.exe

pid process

1092 ZIRAT BANKA.IFT MESAJI.exe
1092 ZIRAT BANKA.IFT MESAJI.exe
1092 ZIRAT BANKA.IFT MESAJI.exe
1784 InstallUtil.exe
1784 InstallUtil.exe

pid	process
1092	ZIRAT BANKA.IFT MESAJI.exe

yara_rule
masslogger_log_file

flow	ioc
2	api.ipify.org

description	pid	process
Token: SeDebugPrivilege	1092	ZIRAT BANKA.IFT MESAJI.exe
Token: SeDebugPrivilege	1784	InstallUtil.exe

pid	process
1092	ZIRAT BANKA.IFT MESAJI.exe
1092	ZIRAT BANKA.IFT MESAJI.exe
1092	ZIRAT BANKA.IFT MESAJI.exe
1784	InstallUtil.exe
1784	InstallUtil.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

ZIRAT BANKA.IFT MESAJI.exe

description	pid	process	target process
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe
PID 1092 wrote to memory of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

ZIRAT BANKA.IFT MESAJI.exe

description pid process target process

PID 1092 set thread context of 1784 1092 ZIRAT BANKA.IFT MESAJI.exe InstallUtil.exe
Executes dropped EXE 1 IoCs

Processes:

InstallUtil.exe

pid process

1784 InstallUtil.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

InstallUtil.exe

pid process

1784 InstallUtil.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

InstallUtil.exe

pid process

1784 InstallUtil.exe

description	pid	process	target process
PID 1092 set thread context of 1784	1092	ZIRAT BANKA.IFT MESAJI.exe	InstallUtil.exe

pid	process
1784	InstallUtil.exe

pid	process
1784	InstallUtil.exe

pid	process
1784	InstallUtil.exe

C:\Users\Admin\AppData\Local\Temp\ZIRAT BANKA.IFT MESAJI.exe
"C:\Users\Admin\AppData\Local\Temp\ZIRAT BANKA.IFT MESAJI.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:1092

C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
"C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe

Download Submit
\Users\Admin\AppData\Local\Temp\InstallUtil.exe

Download Submit
memory/1092-1-0x0000000000000000-0x0000000000000000-disk.dmp

Download
memory/1784-4-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-6-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-7-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-9-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-10-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-11-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-13-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-12-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-14-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-15-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-16-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-17-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-18-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-19-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-20-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-21-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-22-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-23-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-24-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-25-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-26-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-27-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-28-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-29-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-30-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-31-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-32-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-33-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-34-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-35-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-36-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-37-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-38-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-39-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-40-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-41-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-42-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-43-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-44-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-45-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-46-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-47-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-48-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-49-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-50-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-51-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-52-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-53-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-54-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-55-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-56-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-57-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-58-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-59-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-60-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-61-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-62-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-63-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-64-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-65-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-66-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-67-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-68-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-69-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-70-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-71-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-72-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-73-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-74-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-75-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-76-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-77-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-78-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-79-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-80-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-81-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-82-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-83-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-84-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-85-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-86-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-87-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-88-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-89-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-90-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-91-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-92-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-93-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-94-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-95-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-96-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-97-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-98-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-99-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-100-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-101-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-102-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-103-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-104-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-105-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-106-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-107-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-108-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-109-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-110-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-111-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-112-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-113-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-114-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-115-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-116-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-117-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-118-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-119-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-120-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-121-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-122-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-123-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-124-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-125-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-126-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-127-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-128-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-129-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-130-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-131-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-132-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-133-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-134-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-135-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-136-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-137-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-138-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-139-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-140-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-141-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-142-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-143-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-144-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-145-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-146-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-147-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-148-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-149-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-150-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-151-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-152-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-153-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-154-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-155-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-156-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-157-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-158-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-159-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-160-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-161-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-162-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-163-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-164-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-165-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-166-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-167-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-168-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-169-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-170-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-171-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-172-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-173-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-174-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-175-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-176-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-177-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-178-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-179-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-180-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-181-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-182-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-183-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-184-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-185-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-186-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-187-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-188-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-189-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-190-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-191-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-192-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-193-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-194-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-195-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-196-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-197-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-198-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-199-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-200-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-201-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-202-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-203-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-204-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-205-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-206-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-207-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-208-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-209-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-210-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-211-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-212-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-213-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-214-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-215-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-216-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-217-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-218-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-219-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-220-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-221-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-222-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-223-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-224-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-225-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-226-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-227-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-228-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-229-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-230-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-231-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-232-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-233-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-234-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-235-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-236-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-237-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-238-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-239-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-240-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-241-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-242-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-243-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-244-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-245-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-246-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-247-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-248-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-249-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-250-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-251-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-252-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-253-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-254-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-255-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-256-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-257-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-258-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-259-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-260-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1784-261-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download