e727db9d24baa20a57122ecf4935dce6ee7e2f47b905bff66922cf124fdfdc8d

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b56344afe870ab14aeb6c2d136942ef.exe
Size

137KB
MD5

4b56344afe870ab14aeb6c2d136942ef
SHA1

91dea465ce8d4ed893058f9abfb617eb3d9209fa
SHA256

e727db9d24baa20a57122ecf4935dce6ee7e2f47b905bff66922cf124fdfdc8d
SHA512

6a3ec591cfb1fa124bf9637e44aaa12479e1e59d17596414843fdc248432cba5d6b83cbe2c87f325f16f21ddcd6f10b5974028d8e4f2fb58247d097ec9ccad83
SSDEEP

3072:3zSz6WhpyndlVVhnIktaibfe362Qa7RjIC6bD81+QZyyy4DI9Uc+:DSzadh1Db23fQwRjp0yy4MCc+

Score

7^/10

persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1228	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2928	tase.exe

Loads dropped DLL 2 IoCs

pid	Process
3000	4b56344afe870ab14aeb6c2d136942ef.exe
3000	4b56344afe870ab14aeb6c2d136942ef.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\{CD1E057D-EDB4-9233-A5D2-964958392D83} = "C:\\Users\\Admin\\AppData\\Roaming\\Kameqy\\tase.exe"	tase.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3000 set thread context of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Privacy	4b56344afe870ab14aeb6c2d136942ef.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	4b56344afe870ab14aeb6c2d136942ef.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\44C438EA-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe
2928	tase.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3000	4b56344afe870ab14aeb6c2d136942ef.exe
Token: SeSecurityPrivilege	3000	4b56344afe870ab14aeb6c2d136942ef.exe
Token: SeSecurityPrivilege	3000	4b56344afe870ab14aeb6c2d136942ef.exe
Token: SeManageVolumePrivilege	2424	WinMail.exe
Token: SeSecurityPrivilege	1228	cmd.exe
Token: SeManageVolumePrivilege	2904	WinMail.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2424	WinMail.exe
2904	WinMail.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2424	WinMail.exe
2904	WinMail.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2424	WinMail.exe
2904	WinMail.exe

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2928	3000	4b56344afe870ab14aeb6c2d136942ef.exe	28
PID 3000 wrote to memory of 2928	3000	4b56344afe870ab14aeb6c2d136942ef.exe	28
PID 3000 wrote to memory of 2928	3000	4b56344afe870ab14aeb6c2d136942ef.exe	28
PID 3000 wrote to memory of 2928	3000	4b56344afe870ab14aeb6c2d136942ef.exe	28
PID 2928 wrote to memory of 1148	2928	tase.exe	18
PID 2928 wrote to memory of 1148	2928	tase.exe	18
PID 2928 wrote to memory of 1148	2928	tase.exe	18
PID 2928 wrote to memory of 1148	2928	tase.exe	18
PID 2928 wrote to memory of 1148	2928	tase.exe	18
PID 2928 wrote to memory of 1236	2928	tase.exe	11
PID 2928 wrote to memory of 1236	2928	tase.exe	11
PID 2928 wrote to memory of 1236	2928	tase.exe	11
PID 2928 wrote to memory of 1236	2928	tase.exe	11
PID 2928 wrote to memory of 1236	2928	tase.exe	11
PID 2928 wrote to memory of 1272	2928	tase.exe	17
PID 2928 wrote to memory of 1272	2928	tase.exe	17
PID 2928 wrote to memory of 1272	2928	tase.exe	17
PID 2928 wrote to memory of 1272	2928	tase.exe	17
PID 2928 wrote to memory of 1272	2928	tase.exe	17
PID 2928 wrote to memory of 1840	2928	tase.exe	15
PID 2928 wrote to memory of 1840	2928	tase.exe	15
PID 2928 wrote to memory of 1840	2928	tase.exe	15
PID 2928 wrote to memory of 1840	2928	tase.exe	15
PID 2928 wrote to memory of 1840	2928	tase.exe	15
PID 2928 wrote to memory of 3000	2928	tase.exe	27
PID 2928 wrote to memory of 3000	2928	tase.exe	27
PID 2928 wrote to memory of 3000	2928	tase.exe	27
PID 2928 wrote to memory of 3000	2928	tase.exe	27
PID 2928 wrote to memory of 3000	2928	tase.exe	27
PID 2928 wrote to memory of 2424	2928	tase.exe	29
PID 2928 wrote to memory of 2424	2928	tase.exe	29
PID 2928 wrote to memory of 2424	2928	tase.exe	29
PID 2928 wrote to memory of 2424	2928	tase.exe	29
PID 2928 wrote to memory of 2424	2928	tase.exe	29
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 3000 wrote to memory of 1228	3000	4b56344afe870ab14aeb6c2d136942ef.exe	30
PID 2928 wrote to memory of 580	2928	tase.exe	32
PID 2928 wrote to memory of 580	2928	tase.exe	32
PID 2928 wrote to memory of 580	2928	tase.exe	32
PID 2928 wrote to memory of 580	2928	tase.exe	32
PID 2928 wrote to memory of 580	2928	tase.exe	32
PID 2928 wrote to memory of 2556	2928	tase.exe	34
PID 2928 wrote to memory of 2556	2928	tase.exe	34
PID 2928 wrote to memory of 2556	2928	tase.exe	34
PID 2928 wrote to memory of 2556	2928	tase.exe	34
PID 2928 wrote to memory of 2556	2928	tase.exe	34
PID 2928 wrote to memory of 292	2928	tase.exe	37
PID 2928 wrote to memory of 292	2928	tase.exe	37
PID 2928 wrote to memory of 292	2928	tase.exe	37
PID 2928 wrote to memory of 292	2928	tase.exe	37
PID 2928 wrote to memory of 292	2928	tase.exe	37

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1236

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1840

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1272
- C:\Users\Admin\AppData\Local\Temp\4b56344afe870ab14aeb6c2d136942ef.exe
  "C:\Users\Admin\AppData\Local\Temp\4b56344afe870ab14aeb6c2d136942ef.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Users\Admin\AppData\Roaming\Kameqy\tase.exe
    "C:\Users\Admin\AppData\Roaming\Kameqy\tase.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2928
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp6a22482f.bat"
    3⤵
    - Deletes itself
    - Suspicious use of AdjustPrivilegeToken
    PID:1228

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1148

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:580

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2556

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735

Filesize
558B

MD5
3cc0012f96f8f44164c18d7de05023d9

SHA1
c8feb560d751fe720c8bdb53f5e78aa92abb9a9e

SHA256
2654c273c211ae1afc60a7736153a853142e3db028417206948576d1d57bf5d5

SHA512
626746176663e2460b18f1eb245306107060c172c4e65ad710dd75ec0b348d8f000342c0dd2f7ea3bb2e0796f61e1ddd2cd77c312d6a177ff2e70a10b68cc6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
979b2676d3b952ef6813a296f6d90111

SHA1
543a4b9646f82bd4fbc497ba9aade38a5209e9e2

SHA256
e7566b8d0d4a9537b04cb5947b87a6f0dd0fd46325671f5f99e2fffbca2576df

SHA512
916867e87868fd9903c552628426a4ebe4d6c9177f37b679cd2009f6b65005ee4fb81559ee0108f070d65ed26717f0dd9f57a63be532cff0157307ad18e3abf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735

Filesize
232B

MD5
b00b0a16ce147a6d3f9c818d2d108741

SHA1
202572043e49f69b216f930e5d1443fad1cd2ed8

SHA256
27cb469b3f40f3ad2eef70f59e0171c4dd76c9879961068ffbaeacb823dc869e

SHA512
5be7488ef88ef16922209b28821d5a2dee28101d81b2a7f04f8fe8ab76a03de603ea2b3b421adfdd2b5bcfa94866deb2c7c978ce8ed07991c679de904613accf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore

Filesize
2.0MB

MD5
efcec80380195d1ba7db95879b86412c

SHA1
a1ab25e3cd12e42a6dc2388f79bdba6dcb9a923c

SHA256
bbb9ed8ae450d45c1838087bd562141777307eda566cf33dcfb445a26c34670a

SHA512
17568506f88d71ace454922fc2cdfc76ba1dac4f90ae01a52a154154da71d6acc169d1e7178f6106da08b8e12d86a4dfc60e9e17891f5922c4974f9e4324eea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.chk

Filesize
8KB

MD5
873560bd09a0d38a02c8293447b66243

SHA1
aa6517ee1dc1ff2dd5d854e58193f5ec46a6ac8c

SHA256
0edc72ce273f90b1a09a9880804c836b072409b05894c0f61fc234f40f954c0f

SHA512
2a95a301c1c183981357ff2ae4c564c174cc934d401381b771e6f7ee00694c6f678c75024c4ee6ab16e1e654e5373c0d9a6cc298c22214b825eb7f628ab5cf91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
188a07a8be3eaaf181e5a52841592770

SHA1
828788f0f5f5b85d62496f4691990c08496f35e8

SHA256
d46b2f37ca407d1891dbdbd446095245208b16ea5d540dd791e55863fc9373e3

SHA512
33309b736860e743f7e086e6bbefc3d4709fd1add8fbbd032066e9e6237113738efc5a9d6edb438c1b6c4abf436d6aac5e2e53badd658b1dd593f9af340f06ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
dc45a43ef1f1dcbe9c36aa38960484f8

SHA1
d7a908244a54343ba0eb2a3d4f97590d30234b65

SHA256
d52d46c71ee1d49210636b1dfe76ad666d2fc4289d15cc4f01d8ebf55b095286

SHA512
acaa0404a5e697621bdb7f6a9e26068bc3a54845448062b5886dacf2faf041f9f7c70e506b839f6b1047f9d1f0c1786368c9447bc9ce6928def12254eb5af958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
b046b006e4ff4e261ceb3c9a56d9143c

SHA1
d3faf24dc5e1ef30dcf41dfaaf493c5c47ac1a90

SHA256
f95ed91fea48f63d5be6cc53000091ce6a160e9e79a05424ab33fe0612a81a83

SHA512
2649eb0eaa80517cf91901199d6eda6611657f02c3f600f25bba71a0b3cf5ff6c7bf0f4597719851834e384bc4c66ec34c89b6b4f7d0c4869e459fa079b8ca3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD75B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp6a22482f.bat

Filesize
243B

MD5
84f5b1a3f34123d76b06b926b6eeebd7

SHA1
f76c82e84e4a09bc92ec500dbb6ff23a598f2c03

SHA256
c28b208864fb734380df062a11cd2cf05d2bd5d340140dd1db7e0cf9752c4064

SHA512
c81581a9fbb97e7ea2d74e5810f7c3c50002a7a1c5e6377433fa8bf61449146418693fdc469d94fc0325416609a98d814556684a62bf1ff088458a975b56a63e

Download Submit
C:\Users\Admin\AppData\Roaming\Hize\guot.cov

Filesize
366B

MD5
3f95882fba6f5f42bdbee2007330bef7

SHA1
62e249c784bbfd2810792daab103641842184a2b

SHA256
c1f0794be1cf47d6fea3dfeba3edb7c2abc5814cce7838e30543e9e330271f9c

SHA512
1bdb485ba2f4c9b6e583a355fd33c3bc45b22c362e0fed65f5005452f3c0ad239a74468a1d276cba04eebe159b679f32b7be441f6899439a310faa8b78fa2be7

Download Submit
\Users\Admin\AppData\Roaming\Kameqy\tase.exe

Filesize
137KB

MD5
7234cffc02941069ceb975428eced7b1

SHA1
0812ddc4dfb4c91e1f9636cc50a3e3f43903c58b

SHA256
d1c9d2d628e07024553f5392b7b58073db0bb13fc9a0d458bb1ed26f3c3d9c54

SHA512
ec96117944db59091c47071db59aa35ceb849aaae0be1a03a7038c24e3ee45736fd5180aa69956852bf7aac7a9e699dba4b1f8a583161e5789d9c175634b5896

Download Submit
memory/1148-16-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download
memory/1148-17-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download
memory/1148-18-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download
memory/1148-15-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download
memory/1148-14-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download
memory/1228-296-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1228-207-0x0000000077A00000-0x0000000077A01000-memory.dmp

Filesize
4KB

Download
memory/1228-205-0x00000000000B0000-0x00000000000D7000-memory.dmp

Filesize
156KB

Download
memory/1228-427-0x00000000000B0000-0x00000000000D7000-memory.dmp

Filesize
156KB

Download
memory/1236-21-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1236-20-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1236-22-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1236-23-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1272-26-0x0000000002AA0000-0x0000000002AC7000-memory.dmp

Filesize
156KB

Download
memory/1272-25-0x0000000002AA0000-0x0000000002AC7000-memory.dmp

Filesize
156KB

Download
memory/1272-28-0x0000000002AA0000-0x0000000002AC7000-memory.dmp

Filesize
156KB

Download
memory/1272-27-0x0000000002AA0000-0x0000000002AC7000-memory.dmp

Filesize
156KB

Download
memory/1840-31-0x0000000001D70000-0x0000000001D97000-memory.dmp

Filesize
156KB

Download
memory/1840-30-0x0000000001D70000-0x0000000001D97000-memory.dmp

Filesize
156KB

Download
memory/1840-32-0x0000000001D70000-0x0000000001D97000-memory.dmp

Filesize
156KB

Download
memory/1840-33-0x0000000001D70000-0x0000000001D97000-memory.dmp

Filesize
156KB

Download
memory/2928-295-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2928-12-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3000-62-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-56-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-70-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-54-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-72-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-52-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-50-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-48-0x0000000077A00000-0x0000000077A01000-memory.dmp

Filesize
4KB

Download
memory/3000-46-0x0000000077A00000-0x0000000077A01000-memory.dmp

Filesize
4KB

Download
memory/3000-74-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-76-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-78-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-135-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-181-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/3000-182-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3000-58-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-202-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3000-60-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-68-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-64-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-66-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-47-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-44-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-43-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/3000-41-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/3000-39-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/3000-37-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/3000-35-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/3000-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3000-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3000-0-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download