16054e404ec3eab8c6ce1cad6d52ab35b0642781f4cb60416798dd06346bf7f6

Analysis

max time kernel
143s
max time network
146s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 12:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2091602d930b824fb07d349446ce1610.exe
Size

1.0MB
MD5

2091602d930b824fb07d349446ce1610
SHA1

40418ed0a371c8e6ec61ff942d92a0d2f34b4a4c
SHA256

16054e404ec3eab8c6ce1cad6d52ab35b0642781f4cb60416798dd06346bf7f6
SHA512

72f8d0dabd2cf71ca48ecc46e39f715e2da80a3c72f2ff36fbf1347fcf1b9a2b137774b5293cea2a5254ac2b8734facd7dce30c144e0ec1b09826dccf304f683
SSDEEP

24576:JmUNJyJqb1FcMap2ATT5umUNJyJqb1FcMap2ATT5umUNJyJqb1FcMap2ATT5:JmV2ApumV2ApumV2Ap

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe,"	svchost.exe

Executes dropped EXE 1 IoCs

pid	Process
2960	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
2204	2091602d930b824fb07d349446ce1610.exe
2204	2091602d930b824fb07d349446ce1610.exe

Modifies WinLogon 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\3f91eb3e = "LßŽÜ:çeÄj\x16“»Ãb\x0fÈ«ˆ\x1f§ÞDÊ%U´>\\\x02Š\x14Ý÷£÷ëk!I\u009dÝ/b¹í“‡YÙ\x0fåŠ7‘#O9\x1a±C\x03ñÅš‹Â‰Qï\x0fWÅÊ‰?\"g\x13÷…\u008fƒóm2•õ_c\x0fOUÇÓ'{û\"²qOƒÒ\x7fOÕ+ÿâ*bCÓ\x0f\x02Eò\u009d[\x0f?mYñšâ/“ÓZçã\x13›\x1fË¢‰ûù%¢\x11ºÊº‡\x12\u00adÛOÙñÏÕkj£\x19÷W;+ª#\"m\x0fÊs™ÁºsWC›‚Zwyq_/B‚:Å³Zµ…\u0081{\rê\n1óÂ•ÊÃªJ»k‹re\x7fOJ»é‹ÛÒ!K›c)#K\u008dÃÛ‰1K\x03rY£R¯\x05…›\x13zšo\x13U)\u009d‡ÒIÍª;S:ã³"	2091602d930b824fb07d349446ce1610.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\3f91eb3e = "LßŽÜ:çeÄj\x16“»Ãb\x0fÈ«ˆ\x1f§ÞDÊ%U´>\\\x02Š\x14Ý÷£÷ëk!I\u009dÝ/b¹í“‡YÙ\x0fåŠ7‘#O9\x1a±C\x03ñÅš‹Â‰Qï\x0fWÅÊ‰?\"g\x13÷…\u008fƒóm2•õ_c\x0fOUÇÓ'{û\"²qOƒÒ\x7fOÕ+ÿâ*bCÓ\x0f\x02Eò\u009d[\x0f?mYñšâ/“ÓZçã\x13›\x1fË¢‰ûù%¢\x11ºÊº‡\x12\u00adÛOÙñÏÕkj£\x19÷W;+ª#\"m\x0fÊs™ÁºsWC›‚Zwyq_/B‚:Å³Zµ…\u0081{\rê\n1óÂ•ÊÃªJ»k‹re\x7fOJ»é‹ÛÒ!K›c)#K\u008dÃÛ‰1K\x03rY£R¯\x05…›\x13zšo\x13U)\u009d‡ÒIÍª;S:ã³"	svchost.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\apppatch\svchost.exe	2091602d930b824fb07d349446ce1610.exe
File opened for modification	C:\Windows\apppatch\svchost.exe	2091602d930b824fb07d349446ce1610.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	svchost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	svchost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	svchost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	svchost.exe

Suspicious behavior: EnumeratesProcesses 45 IoCs

pid	Process
2204	2091602d930b824fb07d349446ce1610.exe
2204	2091602d930b824fb07d349446ce1610.exe
2204	2091602d930b824fb07d349446ce1610.exe
2204	2091602d930b824fb07d349446ce1610.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe
2960	svchost.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	2091602d930b824fb07d349446ce1610.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2960	2204	2091602d930b824fb07d349446ce1610.exe	28
PID 2204 wrote to memory of 2960	2204	2091602d930b824fb07d349446ce1610.exe	28
PID 2204 wrote to memory of 2960	2204	2091602d930b824fb07d349446ce1610.exe	28
PID 2204 wrote to memory of 2960	2204	2091602d930b824fb07d349446ce1610.exe	28

C:\Users\Admin\AppData\Local\Temp\2091602d930b824fb07d349446ce1610.exe
"C:\Users\Admin\AppData\Local\Temp\2091602d930b824fb07d349446ce1610.exe"
1⤵
- Loads dropped DLL
- Modifies WinLogon
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\apppatch\svchost.exe
  "C:\Windows\apppatch\svchost.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Modifies WinLogon
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Windows\AppPatch\svchost.exe

Filesize
196KB

MD5
3709b2c0234c17d6b3f7689cd8f9848f

SHA1
b4765b38692138619da0e17d1b1c93995a373e3e

SHA256
e490eff80a44f1abdd9f246194043f64651e164d77f4c6f6ab1ef8dd78f84c7e

SHA512
8a19673729f772f5c2844f66c5482d5eee46b72db006cc603fe60e6a8e8fa9ce224a75e1afec0b2da3609595d0d901f6d79c18d753f9c9986e0f3231550238be

Download Submit
C:\Windows\AppPatch\svchost.exe

Filesize
450KB

MD5
969c28f4de0892f6c05028079e45f44a

SHA1
52eafd89a2496bc9e55f63ff417fe67d6c1f7c45

SHA256
85d5fc4d5af231264b03b1c3d782a2e641fdcfe50963238ab88e8a9aabb7ed6b

SHA512
18ca066cb388b6d7f795150eb1dbc63f11a164c46d17dc3823ff18f7a0917eb89adabd567555a2d9933daf0eeb7d39f479e46eac525a5ccc0f02bb2dabdd7425

Download Submit
C:\Windows\apppatch\svchost.exe

Filesize
201KB

MD5
0527fc4157e224eac102de3be3923857

SHA1
3272c6f42c8ad8a8988419ede24aa8f2ebce2b32

SHA256
38214fcf3b9cb400d05ec226d0b1d44f3807c6c0e7b1ad25704a1bc89393c24c

SHA512
e4a28b638e4df0ee8d987d624be843615fec502413074a549b333c260577ef3eeace2d13e64e937926fc39b8f449e73c57567505432a5afd72723020dac839de

Download Submit
\Windows\AppPatch\svchost.exe

Filesize
847KB

MD5
6ad63dd3720bb64b1639deb52b4057cc

SHA1
568f2e74aaf02d338ca4a028ece9d4649bca164b

SHA256
e2781a96f53aa0d3355b9548018f52720d3cbe780d6cbe070270166dc1bb5e76

SHA512
e4afaf01c625895d42b7e4134a613b9e9dfa20b82dcca8b53d68b1f6568f12ff38005ab0b4db2208a8b140eef523a078e4ad7c485fc47d016f279345c69831a6

Download Submit
\Windows\AppPatch\svchost.exe

Filesize
95KB

MD5
04764053ba710431be55e473ffdd4490

SHA1
d0bf864e5d2883cfa5b4630269a4f0b10bad8923

SHA256
75f96f77b4823797f98f12a439f157dbddbfccbaf56b6f5698d7a680abdc280f

SHA512
3939c5517c49fc34942e866dcd7cc8feac84a1ba325fb85d8a40ab5ca946729a0a7ea11784355fb8a9b17bba7e310524277bd43124895f0402b5841af062548d

Download Submit
memory/2960-69-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-58-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-23-0x00000000021B0000-0x0000000002258000-memory.dmp

Filesize
672KB

Download
memory/2960-21-0x00000000021B0000-0x0000000002258000-memory.dmp

Filesize
672KB

Download
memory/2960-19-0x00000000021B0000-0x0000000002258000-memory.dmp

Filesize
672KB

Download
memory/2960-15-0x00000000021B0000-0x0000000002258000-memory.dmp

Filesize
672KB

Download
memory/2960-24-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-30-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-27-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-34-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-33-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-36-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-41-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-44-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-51-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-50-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-53-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-57-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-67-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-70-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-75-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-76-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-78-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-77-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-73-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-74-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-13-0x00000000021B0000-0x0000000002258000-memory.dmp

Filesize
672KB

Download
memory/2960-72-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-17-0x00000000021B0000-0x0000000002258000-memory.dmp

Filesize
672KB

Download
memory/2960-71-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-60-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-65-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-66-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-64-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-63-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-61-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-62-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-59-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-68-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-54-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-56-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-55-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-52-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-49-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-48-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-47-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-46-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-45-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-43-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-42-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-40-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-39-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-38-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-37-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-35-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-31-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-32-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download
memory/2960-191-0x0000000002360000-0x0000000002416000-memory.dmp

Filesize
728KB

Download