bbdd4456950281665578e1bbdd033e2b4a27ce04371e3e16ea0abc10983d0222

Analysis

max time kernel
13s
max time network
148s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c96248b7921f6ae5d527809c94112c70.exe
Size

201KB
MD5

c96248b7921f6ae5d527809c94112c70
SHA1

a8815206cce598db59ef7e6e075113a158530ec3
SHA256

bbdd4456950281665578e1bbdd033e2b4a27ce04371e3e16ea0abc10983d0222
SHA512

016a8b0c16687a3d2ae4cf2f85e13afb67e387c1f2e9bea844fa639e30a69aa3729aad1758d9b1d62beb43ec38d375f77c5c9cc8ac6f7ed7629c48c890e7ef41
SSDEEP

6144:Lt++Jbojf5Vq5OC4qZhZcKYhc/ZfUozY:g+cff22qZhZcKYhc/

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe,"	svchost.exe

Executes dropped EXE 1 IoCs

pid	Process
2580	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
2260	NEAS.c96248b7921f6ae5d527809c94112c70.exe
2260	NEAS.c96248b7921f6ae5d527809c94112c70.exe

Modifies WinLogon 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\c2f572d1 = "C:\\Windows\\apppatch\\svchost.exe"	NEAS.c96248b7921f6ae5d527809c94112c70.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\c2f572d1 = "C:\\Windows\\apppatch\\svchost.exe"	svchost.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Defender\qetyfuv.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\qetyfuv.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\galyqaz.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\lyrysor.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vonypom.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\galyqaz.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\vocyzit.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\lysyfyj.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lymyxid.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\lymyxid.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lysyfyj.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\vonypom.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\puzylyp.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\puzylyp.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lyrysor.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vocyzit.com	svchost.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\apppatch\svchost.exe	NEAS.c96248b7921f6ae5d527809c94112c70.exe
File opened for modification	C:\Windows\apppatch\svchost.exe	NEAS.c96248b7921f6ae5d527809c94112c70.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	svchost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	svchost.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2580	svchost.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2260	NEAS.c96248b7921f6ae5d527809c94112c70.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2580	2260	NEAS.c96248b7921f6ae5d527809c94112c70.exe	28
PID 2260 wrote to memory of 2580	2260	NEAS.c96248b7921f6ae5d527809c94112c70.exe	28
PID 2260 wrote to memory of 2580	2260	NEAS.c96248b7921f6ae5d527809c94112c70.exe	28
PID 2260 wrote to memory of 2580	2260	NEAS.c96248b7921f6ae5d527809c94112c70.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.c96248b7921f6ae5d527809c94112c70.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c96248b7921f6ae5d527809c94112c70.exe"
1⤵
- Loads dropped DLL
- Modifies WinLogon
- Drops file in Windows directory
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\apppatch\svchost.exe
  "C:\Windows\apppatch\svchost.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Modifies WinLogon
  - Drops file in Program Files directory
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Windows Defender\galynuh.com

Filesize
593B

MD5
926512864979bc27cf187f1de3f57aff

SHA1
acdeb9d6187932613c7fa08eaf28f0cd8116f4b5

SHA256
b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f

SHA512
f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b

Download Submit
C:\Program Files (x86)\Windows Defender\lyrysor.com

Filesize
1KB

MD5
76aaac26fd203b334d754a46d36c6a05

SHA1
75d759866fe28f6d7111fee969d1d914f88199c7

SHA256
b884cf20d97108ec915fcc98571c9c32295496e81439849d64b80eecc5a01b83

SHA512
a7ff012687b8fc8ad85c23506b0baef11b5e9139c823b05f50df7e3d94463e0d1212d659e16bb29a10acc371167a96a5e7264b4ab6ca738e3c1ab299f3fcae9a

Download Submit
C:\Program Files (x86)\Windows Defender\lysyfyj.com

Filesize
481B

MD5
744da96cbd96a24251fba7ead602a964

SHA1
e017ab83c80e2101faa17c5d7dadfccf6bcb5841

SHA256
27717c9807568b585b82a6b228f46048f257ab292c4e01f6c2c17d64ddd1a62c

SHA512
fff691956fb2bb5cd32fc12d22bf252f2052f5b369505b364d5f03f49005e2fff04cdc80514f8feee1749ebee74bda61460b840e52afcc73436eab0b790a0e23

Download Submit
C:\Program Files (x86)\Windows Defender\qegyval.com

Filesize
300B

MD5
919cb5cc79b989306352553cbba4df76

SHA1
eca20f9070081dda0ceb5068a675b92d3a2bc73d

SHA256
071bd8e85da33c1a648c3eedb1adb0a23c456e4d78832c87dbc773876bbf038c

SHA512
37431ffa9a6ec980306ec99e54ca1db00c30395f4786ba57b476f42ed41872de4ef6c89a39b0755bbef53cd56b4ed9240515f920867eb612c8dc4a0c46eb149b

Download Submit
C:\Program Files (x86)\Windows Defender\vofycot.com

Filesize
302B

MD5
e9f0ea4841e3e95ac5c42e9456d86879

SHA1
e5c84b1d113b42705040b3638c68d910151611bf

SHA256
b2ed2b34413f95437d2ef427d6ae61d41cbbe17a89c8a2e9ff7040cd5d6d7da3

SHA512
ce1d3435742e2b0a29f5f829da817f6d819242b92bbcb306eb33e84368ea41b863c7ad676bc30ea5bd4e405f4bc5c53b52941081c16095b3e6bddd63fdf1a84a

Download Submit
C:\Program Files (x86)\Windows Defender\vonyket.com

Filesize
300B

MD5
5cd7b8ad97a2bbba5c38bc36531af422

SHA1
ac31f5085d380841f2c8cee03263f57011b8ba01

SHA256
41b550353cd44bf9a8ac3a7c874eb623b25e63df15fac5fd8028406c343c75bb

SHA512
23dd6b623e487ae061f25e42e62d5872b41caa8979a9a9ba2853cbccdd65c388839039e9cf47d2ca3b8d170d7a7307c878a11f0bddb5812787018f2765ff972d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
00559f32be91eb7174dd66cd882e1642

SHA1
cfe0378910d14c362dfe97726e2bf5a58d498e77

SHA256
667c5143a6bcaa4dcb9ea08c0b0f5dfec07d2a851326fc29ee34887adb00b941

SHA512
d70a17e16f9c9d59fee1bf29c5d61d84c28e72137680016bfb27385ca084e08f46701b534ac7f24072f3ef80f773a4ba621bb98f186b66dd603e3ffc50c397a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a4759ba733895ba6b343e1460b6d7775

SHA1
5f2364ec3097d734c9f3e4a20380771ee349f817

SHA256
d7e2d1cc2220046734c8fbb637c5cfaf22f96cf2a0a88aa3093a6bc554c4fb09

SHA512
7dce19f94a479b10248c4925c1750bac09f67784ea5385a207c1a29ca804b2061b8c11b14988b2fe5ab6a8e245431a5de52de0a096514b56bce80dc7619a4ac7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fc320699415a1c10081681a8236267e0

SHA1
ea52f6349e7818e50841a31b9dd7cf3fb70d245e

SHA256
8e12bdfcf579d676169eff4677471b10a630258c200bdfd0e08f53bdca6bdbf2

SHA512
ed3feaff6e5c1801f48111202a029c3996291856b181b98f880f786eaba821239e91ca1925be4c0c79356bf967becdab0dcd5c807d55b6a828d1d4c960a6e515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4b1f5c3d12697a0d693f468a7b2a6d44

SHA1
2c42bb2b9d840e7d7ab8469b5bd03dc392a710f7

SHA256
a73993f74ad12c541ec7bfac8e7912b1dce510d1d0780750bbc238354ef57972

SHA512
d6c84b45a9c48a3ef25dbcee41402da94415eac438e83f9edcd94cd2c8bea889b90fc313ee8846aefe681b5d3a93876c2a06fdbc741c88e58f1a2d858251b8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04G0TJCH\login[1].htm

Filesize
168B

MD5
d57e3a550060f85d44a175139ea23021

SHA1
2c5cb3428a322c9709a34d04dd86fe7628f8f0a6

SHA256
43edf068d34276e8ade4113d4d7207de19fc98a2ae1c07298e593edae2a8774c

SHA512
0364fe6a010fce7a3f4a6344c84468c64b20fd131f3160fc649db78f1075ba52d8a1c4496e50dbe27c357e01ee52e94cdcda8f7927cba28d5f2f45b9da690063

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9427.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9581.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Windows\AppPatch\svchost.exe

Filesize
201KB

MD5
0acb65951a8ff0b84ae75dcfec8d2ab2

SHA1
f7fc27f8da2deb9952c8b8b8425afcbc9732f4cd

SHA256
630db0e80208b2f77e65f64a1444ff1f1082dcb7cf233001636d9ea72421ac75

SHA512
703c8b2122b00ed246ce7d006b01f10821947328cb8512a0509c91067417aae3d611a9c1042a26e26e54c51bd1cc3ae5353d9c13466cc8fba495d683318ec7c3

Download Submit
C:\Windows\AppPatch\svchost.exe

Filesize
201KB

MD5
0acb65951a8ff0b84ae75dcfec8d2ab2

SHA1
f7fc27f8da2deb9952c8b8b8425afcbc9732f4cd

SHA256
630db0e80208b2f77e65f64a1444ff1f1082dcb7cf233001636d9ea72421ac75

SHA512
703c8b2122b00ed246ce7d006b01f10821947328cb8512a0509c91067417aae3d611a9c1042a26e26e54c51bd1cc3ae5353d9c13466cc8fba495d683318ec7c3

Download Submit
C:\Windows\apppatch\svchost.exe

Filesize
201KB

MD5
0acb65951a8ff0b84ae75dcfec8d2ab2

SHA1
f7fc27f8da2deb9952c8b8b8425afcbc9732f4cd

SHA256
630db0e80208b2f77e65f64a1444ff1f1082dcb7cf233001636d9ea72421ac75

SHA512
703c8b2122b00ed246ce7d006b01f10821947328cb8512a0509c91067417aae3d611a9c1042a26e26e54c51bd1cc3ae5353d9c13466cc8fba495d683318ec7c3

Download Submit
\Windows\AppPatch\svchost.exe

Filesize
201KB

MD5
0acb65951a8ff0b84ae75dcfec8d2ab2

SHA1
f7fc27f8da2deb9952c8b8b8425afcbc9732f4cd

SHA256
630db0e80208b2f77e65f64a1444ff1f1082dcb7cf233001636d9ea72421ac75

SHA512
703c8b2122b00ed246ce7d006b01f10821947328cb8512a0509c91067417aae3d611a9c1042a26e26e54c51bd1cc3ae5353d9c13466cc8fba495d683318ec7c3

Download Submit
\Windows\AppPatch\svchost.exe

Filesize
201KB

MD5
0acb65951a8ff0b84ae75dcfec8d2ab2

SHA1
f7fc27f8da2deb9952c8b8b8425afcbc9732f4cd

SHA256
630db0e80208b2f77e65f64a1444ff1f1082dcb7cf233001636d9ea72421ac75

SHA512
703c8b2122b00ed246ce7d006b01f10821947328cb8512a0509c91067417aae3d611a9c1042a26e26e54c51bd1cc3ae5353d9c13466cc8fba495d683318ec7c3

Download Submit
memory/2260-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2260-18-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2260-16-0x0000000000220000-0x000000000026F000-memory.dmp

Filesize
316KB

Download
memory/2260-2-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2260-1-0x0000000000220000-0x000000000026F000-memory.dmp

Filesize
316KB

Download
memory/2580-54-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-77-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-43-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-45-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-46-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-42-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-47-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-41-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-49-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-48-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-50-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-51-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-53-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-56-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-57-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-55-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-58-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-44-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-59-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-52-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-63-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-67-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-69-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-70-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-71-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-68-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-66-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-74-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-76-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-40-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-75-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-78-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-80-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-82-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-83-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-79-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-72-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-73-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-65-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-64-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-62-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-61-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-60-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-39-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-38-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-268-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2580-36-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-34-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-32-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-30-0x00000000004A0000-0x0000000000544000-memory.dmp

Filesize
656KB

Download
memory/2580-28-0x00000000004A0000-0x0000000000544000-memory.dmp

Filesize
656KB

Download
memory/2580-26-0x00000000004A0000-0x0000000000544000-memory.dmp

Filesize
656KB

Download
memory/2580-530-0x00000000024F0000-0x00000000025A2000-memory.dmp

Filesize
712KB

Download
memory/2580-24-0x00000000004A0000-0x0000000000544000-memory.dmp

Filesize
656KB

Download
memory/2580-22-0x00000000004A0000-0x0000000000544000-memory.dmp

Filesize
656KB

Download
memory/2580-20-0x00000000004A0000-0x0000000000544000-memory.dmp

Filesize
656KB

Download
memory/2580-19-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2580-17-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download