860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751

Analysis

max time kernel
151s
max time network
137s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
Size

1.2MB
MD5

53a07fcd121e32daef642e84c383f7bf
SHA1

7f5b36dcc8d9271ca693f2fc6b3e6cb0cc6aa1af
SHA256

860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751
SHA512

543ba5ab9de46fe51c619f57128d40b0c22a0797490767e53dc6e32f59de7787145772d97a582be5d9114359834610edcac470dff599b74477a60b3e0a4fd6ee
SSDEEP

12288:iaxmJzOerLwYUFppGKQI1d5ruBYGdsoM8JyiemecY2pyTpPUJFdV7:iUmljvwH7Hb5q2zoM2yi/ecY3SXn7

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

escea.exeescea.exe

pid process

1696 escea.exe
984 escea.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

816 cmd.exe

pid	process
1696	escea.exe
984	escea.exe

pid	process
816	cmd.exe

Loads dropped DLL 2 IoCs

Processes:

860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe

pid	process
1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

escea.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\Currentversion\Run	escea.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\Currentversion\Run	escea.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Tepykaka = "C:\\Users\\Admin\\AppData\\Roaming\\Qamai\\escea.exe"	escea.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exeescea.exe

description	pid	process	target process
PID 1608 set thread context of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1696 set thread context of 984	1696	escea.exe	escea.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

escea.exe

pid	process
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe
984	escea.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe

description	pid	process
Token: SeSecurityPrivilege	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
Token: SeSecurityPrivilege	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exeescea.exe

pid process

1608 860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
1696 escea.exe

pid	process
1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
1696	escea.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exeescea.exeescea.exe

description	pid	process	target process
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1608 wrote to memory of 1984	1608	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
PID 1984 wrote to memory of 1696	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	escea.exe
PID 1984 wrote to memory of 1696	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	escea.exe
PID 1984 wrote to memory of 1696	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	escea.exe
PID 1984 wrote to memory of 1696	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1696 wrote to memory of 984	1696	escea.exe	escea.exe
PID 1984 wrote to memory of 816	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	cmd.exe
PID 1984 wrote to memory of 816	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	cmd.exe
PID 1984 wrote to memory of 816	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	cmd.exe
PID 1984 wrote to memory of 816	1984	860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe	cmd.exe
PID 984 wrote to memory of 1244	984	escea.exe	taskhost.exe
PID 984 wrote to memory of 1244	984	escea.exe	taskhost.exe
PID 984 wrote to memory of 1244	984	escea.exe	taskhost.exe
PID 984 wrote to memory of 1244	984	escea.exe	taskhost.exe
PID 984 wrote to memory of 1244	984	escea.exe	taskhost.exe
PID 984 wrote to memory of 1328	984	escea.exe	Dwm.exe
PID 984 wrote to memory of 1328	984	escea.exe	Dwm.exe
PID 984 wrote to memory of 1328	984	escea.exe	Dwm.exe
PID 984 wrote to memory of 1328	984	escea.exe	Dwm.exe
PID 984 wrote to memory of 1328	984	escea.exe	Dwm.exe
PID 984 wrote to memory of 1352	984	escea.exe	Explorer.EXE
PID 984 wrote to memory of 1352	984	escea.exe	Explorer.EXE
PID 984 wrote to memory of 1352	984	escea.exe	Explorer.EXE
PID 984 wrote to memory of 1352	984	escea.exe	Explorer.EXE
PID 984 wrote to memory of 1352	984	escea.exe	Explorer.EXE
PID 984 wrote to memory of 1152	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1152	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1152	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1152	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1152	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 2008	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 2008	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 2008	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 2008	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 2008	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1100	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1100	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1100	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1100	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1100	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1832	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1832	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1832	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1832	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1832	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1988	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1988	984	escea.exe	DllHost.exe
PID 984 wrote to memory of 1988	984	escea.exe	DllHost.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
"C:\Users\Admin\AppData\Local\Temp\860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1608

C:\Users\Admin\AppData\Local\Temp\860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe
"C:\Users\Admin\AppData\Local\Temp\860753698777c8ea193d95d92ce3d3e6f8572a69dca9295005047f2b1d168751.exe"
3⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1984

C:\Users\Admin\AppData\Roaming\Qamai\escea.exe
"C:\Users\Admin\AppData\Roaming\Qamai\escea.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1696

C:\Users\Admin\AppData\Roaming\Qamai\escea.exe
"C:\Users\Admin\AppData\Roaming\Qamai\escea.exe"
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:984

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp139bb421.bat"
4⤵
- Deletes itself
PID:816

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1328

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1244

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1152

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2008

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1100

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1832

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1988

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1020

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1076

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2032

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:596

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp139bb421.bat

Filesize
307B

MD5
a1e7493f8054601db2d14e9d8cf3ecbf

SHA1
c51fd5c3f5195e5fe8afe559f59746bfcbe4d812

SHA256
db2d1b4f0a0762445634bb3d7dd8c81cfcf103ed285e13168f187d18d10dc592

SHA512
9b8fb4c054f036da817e485da628ec6c0829e147e74327cce091ac3f8ecc5404b8776e75ed4843ec695441675968764f22e69f99ef31c16868ba9b333f5cc117

Download Submit
C:\Users\Admin\AppData\Roaming\Qamai\escea.exe

Filesize
1.2MB

MD5
d24adcc52b2bef941e29d186a62ff04c

SHA1
8264cfce978e38c66e68c68a0b87b6d3797cf1a1

SHA256
97699be00d5277a6c78b0c8ea946cb569cd1158fbdc6a0c351e6bb37a288fcbd

SHA512
751fbb11e98aeed607814046348955810d8124cccc269d35f7e0cb748288b6aec14992d475eb5838a63d2b34bcd406e3adbe082fd38cda61c98825a991020de0

Download Submit
C:\Users\Admin\AppData\Roaming\Qamai\escea.exe

Filesize
1.2MB

MD5
d24adcc52b2bef941e29d186a62ff04c

SHA1
8264cfce978e38c66e68c68a0b87b6d3797cf1a1

SHA256
97699be00d5277a6c78b0c8ea946cb569cd1158fbdc6a0c351e6bb37a288fcbd

SHA512
751fbb11e98aeed607814046348955810d8124cccc269d35f7e0cb748288b6aec14992d475eb5838a63d2b34bcd406e3adbe082fd38cda61c98825a991020de0

Download Submit
C:\Users\Admin\AppData\Roaming\Qamai\escea.exe

Filesize
1.2MB

MD5
d24adcc52b2bef941e29d186a62ff04c

SHA1
8264cfce978e38c66e68c68a0b87b6d3797cf1a1

SHA256
97699be00d5277a6c78b0c8ea946cb569cd1158fbdc6a0c351e6bb37a288fcbd

SHA512
751fbb11e98aeed607814046348955810d8124cccc269d35f7e0cb748288b6aec14992d475eb5838a63d2b34bcd406e3adbe082fd38cda61c98825a991020de0

Download Submit
\Users\Admin\AppData\Roaming\Qamai\escea.exe

Filesize
1.2MB

MD5
d24adcc52b2bef941e29d186a62ff04c

SHA1
8264cfce978e38c66e68c68a0b87b6d3797cf1a1

SHA256
97699be00d5277a6c78b0c8ea946cb569cd1158fbdc6a0c351e6bb37a288fcbd

SHA512
751fbb11e98aeed607814046348955810d8124cccc269d35f7e0cb748288b6aec14992d475eb5838a63d2b34bcd406e3adbe082fd38cda61c98825a991020de0

Download Submit
\Users\Admin\AppData\Roaming\Qamai\escea.exe

Filesize
1.2MB

MD5
d24adcc52b2bef941e29d186a62ff04c

SHA1
8264cfce978e38c66e68c68a0b87b6d3797cf1a1

SHA256
97699be00d5277a6c78b0c8ea946cb569cd1158fbdc6a0c351e6bb37a288fcbd

SHA512
751fbb11e98aeed607814046348955810d8124cccc269d35f7e0cb748288b6aec14992d475eb5838a63d2b34bcd406e3adbe082fd38cda61c98825a991020de0

Download Submit
memory/816-74-0x0000000000000000-mapping.dmp

Download
memory/984-96-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/984-71-0x000000000042B055-mapping.dmp

Download
memory/1020-131-0x0000000000330000-0x000000000036B000-memory.dmp

Filesize
236KB

Download
memory/1020-130-0x0000000000330000-0x000000000036B000-memory.dmp

Filesize
236KB

Download
memory/1020-129-0x0000000000330000-0x000000000036B000-memory.dmp

Filesize
236KB

Download
memory/1020-132-0x0000000000330000-0x000000000036B000-memory.dmp

Filesize
236KB

Download
memory/1076-135-0x0000000000310000-0x000000000034B000-memory.dmp

Filesize
236KB

Download
memory/1076-136-0x0000000000310000-0x000000000034B000-memory.dmp

Filesize
236KB

Download
memory/1100-111-0x0000000001C00000-0x0000000001C3B000-memory.dmp

Filesize
236KB

Download
memory/1100-112-0x0000000001C00000-0x0000000001C3B000-memory.dmp

Filesize
236KB

Download
memory/1100-114-0x0000000001C00000-0x0000000001C3B000-memory.dmp

Filesize
236KB

Download
memory/1100-113-0x0000000001C00000-0x0000000001C3B000-memory.dmp

Filesize
236KB

Download
memory/1152-100-0x0000000003A50000-0x0000000003A8B000-memory.dmp

Filesize
236KB

Download
memory/1152-101-0x0000000003A50000-0x0000000003A8B000-memory.dmp

Filesize
236KB

Download
memory/1152-102-0x0000000003A50000-0x0000000003A8B000-memory.dmp

Filesize
236KB

Download
memory/1152-99-0x0000000003A50000-0x0000000003A8B000-memory.dmp

Filesize
236KB

Download
memory/1244-78-0x0000000001C20000-0x0000000001C5B000-memory.dmp

Filesize
236KB

Download
memory/1244-83-0x0000000001C20000-0x0000000001C5B000-memory.dmp

Filesize
236KB

Download
memory/1244-82-0x0000000001C20000-0x0000000001C5B000-memory.dmp

Filesize
236KB

Download
memory/1244-81-0x0000000001C20000-0x0000000001C5B000-memory.dmp

Filesize
236KB

Download
memory/1244-80-0x0000000001C20000-0x0000000001C5B000-memory.dmp

Filesize
236KB

Download
memory/1328-89-0x0000000000120000-0x000000000015B000-memory.dmp

Filesize
236KB

Download
memory/1328-88-0x0000000000120000-0x000000000015B000-memory.dmp

Filesize
236KB

Download
memory/1328-87-0x0000000000120000-0x000000000015B000-memory.dmp

Filesize
236KB

Download
memory/1328-86-0x0000000000120000-0x000000000015B000-memory.dmp

Filesize
236KB

Download
memory/1352-94-0x00000000026A0000-0x00000000026DB000-memory.dmp

Filesize
236KB

Download
memory/1352-95-0x00000000026A0000-0x00000000026DB000-memory.dmp

Filesize
236KB

Download
memory/1352-93-0x00000000026A0000-0x00000000026DB000-memory.dmp

Filesize
236KB

Download
memory/1352-92-0x00000000026A0000-0x00000000026DB000-memory.dmp

Filesize
236KB

Download
memory/1608-60-0x00000000002BB000-0x00000000002BD000-memory.dmp

Filesize
8KB

Download
memory/1696-64-0x0000000000000000-mapping.dmp

Download
memory/1832-117-0x0000000000110000-0x000000000014B000-memory.dmp

Filesize
236KB

Download
memory/1832-120-0x0000000000110000-0x000000000014B000-memory.dmp

Filesize
236KB

Download
memory/1832-119-0x0000000000110000-0x000000000014B000-memory.dmp

Filesize
236KB

Download
memory/1832-118-0x0000000000110000-0x000000000014B000-memory.dmp

Filesize
236KB

Download
memory/1984-57-0x000000000042B055-mapping.dmp

Download
memory/1984-68-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1984-56-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1984-59-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download
memory/1984-75-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1984-61-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1988-123-0x0000000000210000-0x000000000024B000-memory.dmp

Filesize
236KB

Download
memory/1988-124-0x0000000000210000-0x000000000024B000-memory.dmp

Filesize
236KB

Download
memory/1988-126-0x0000000000210000-0x000000000024B000-memory.dmp

Filesize
236KB

Download
memory/1988-125-0x0000000000210000-0x000000000024B000-memory.dmp

Filesize
236KB

Download
memory/2008-106-0x0000000000210000-0x000000000024B000-memory.dmp

Filesize
236KB

Download
memory/2008-105-0x0000000000210000-0x000000000024B000-memory.dmp

Filesize
236KB

Download
memory/2008-107-0x0000000000210000-0x000000000024B000-memory.dmp

Filesize
236KB

Download
memory/2008-108-0x0000000000210000-0x000000000024B000-memory.dmp

Filesize
236KB

Download