masslogger | e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83

Analysis

max time kernel
149s
max time network
92s
platform
windows7_x64
resource
win7v200430
submitted
14/07/2020, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
Size

1.9MB
MD5

29ef05a7b09d8ea9dff23a13a6845b21
SHA1

03c2136b3bf92209f8ee934693c67e208dd5b721
SHA256

e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83
SHA512

a3739b7c7f085d827db7f0214566967cb734264bbf025820d96786cf8be8ec63aa6eab2eb3590be4177b6f0e41817fd47ea57e75dac5b59499c2fa4e7466b8a5

Score

10^/10

ransomware spyware stealer masslogger

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.2.2.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 7/14/2020 3:23:10 PM MassLogger Started: 7/14/2020 3:23:02 PM Interval: 1 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe As Administrator: True

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
Token: SeDebugPrivilege	1808	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1356 set thread context of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28

Loads dropped DLL 1 IoCs

pid	Process
1808	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1808	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 1792	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	26
PID 1356 wrote to memory of 1792	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	26
PID 1356 wrote to memory of 1792	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	26
PID 1356 wrote to memory of 1792	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	26
PID 1356 wrote to memory of 1816	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	27
PID 1356 wrote to memory of 1816	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	27
PID 1356 wrote to memory of 1816	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	27
PID 1356 wrote to memory of 1816	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	27
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28
PID 1356 wrote to memory of 1808	1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe	28

MassLogger log file 1 IoCs

Detects a log file produced by MassLogger.

yara_rule
masslogger_log_file

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1808	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
5	api.ipify.org

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
1356	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
1808	DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe

C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
- Suspicious behavior: EnumeratesProcesses
PID:1356
- C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
  "{path}"
  2⤵
  PID:1792
- C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
  "{path}"
  2⤵
  PID:1816
- C:\Users\Admin\AppData\Local\Temp\DHL AWB Incoming ETA 0807 G.W 18.60 kgnet Delivery from GUMTEC-KOREA_pdf____________.exe
  "{path}"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-2-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-4-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-5-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-6-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-7-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-8-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-9-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-10-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-11-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-12-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-13-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-14-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-15-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-16-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-17-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-18-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-19-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-20-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-21-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-22-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-23-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-24-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-25-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-26-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-27-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-28-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-29-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-30-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-31-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-32-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-33-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-34-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-35-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-36-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-37-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-38-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-39-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-40-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-41-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-42-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-43-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-44-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-45-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-46-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-47-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-48-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-49-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-50-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-51-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-52-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-53-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-54-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-55-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-56-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-57-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-58-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-59-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-60-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-61-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-62-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-63-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-64-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-65-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-66-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-67-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-68-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-69-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-70-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-71-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-72-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-73-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-74-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-75-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-76-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-77-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-78-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-79-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-80-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-81-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-82-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-83-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-84-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-85-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-86-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-87-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-88-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-89-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-90-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-91-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-92-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-93-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-94-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-95-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-96-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-97-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-98-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-99-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-100-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-101-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-102-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-103-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-104-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-105-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-106-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-107-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-108-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-109-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-110-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-111-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-112-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-113-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-114-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-115-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-116-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-117-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-118-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-119-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-120-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-121-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-122-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-123-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-124-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-125-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-126-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-127-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-128-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-129-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-130-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-131-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-132-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-133-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-134-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-135-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-137-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-136-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-138-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-139-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-140-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-141-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-142-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-143-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-144-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-145-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-146-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-147-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-148-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-149-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-150-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-151-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-152-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-153-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-154-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-155-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-156-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-157-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-158-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-159-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-160-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-161-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-162-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-163-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-164-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-165-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-166-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-167-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-168-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-169-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-170-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-171-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-172-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-173-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-174-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-175-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-176-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-177-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-178-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-179-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-180-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-181-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-182-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-183-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-184-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-185-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-186-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-187-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-188-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-189-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-190-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-191-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-192-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-193-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-194-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-195-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-196-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-197-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-198-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-199-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-200-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-201-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-202-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-203-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-204-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-205-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-206-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-207-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-208-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-209-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-210-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-211-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-212-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-213-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-214-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-215-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-216-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-217-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-218-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-219-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-220-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-221-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-222-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-223-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-224-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-225-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-226-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-227-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-228-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-229-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-230-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-231-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-232-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-233-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-234-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-235-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-236-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-237-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-238-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-239-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-240-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-241-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-242-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-243-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-244-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-245-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-246-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-247-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-248-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-249-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-250-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-251-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-252-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-253-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-254-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-255-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-256-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-257-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-258-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-259-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-260-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-261-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-262-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-263-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-264-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-265-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-266-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-267-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-268-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-269-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-270-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-271-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-272-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-273-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-274-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-275-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-276-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-277-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-278-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-279-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-280-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-281-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-282-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-283-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-284-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1808-285-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download