b49ea4710e237aaba3dc9fcd8421791829f8d0822a3e612a53cac210fedbe66a

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c7611beb3a7758462c0426b9438d6a1.exe
Size

183KB
MD5

7c7611beb3a7758462c0426b9438d6a1
SHA1

f5a6421269ae14198a60fe7365f0a18db346ac57
SHA256

b49ea4710e237aaba3dc9fcd8421791829f8d0822a3e612a53cac210fedbe66a
SHA512

d79c70e0d146836f423b07b8898b61a6047f043fa455251509aa60b6365acf654188b99b63eea106cffe002b15af1e34b01f2d70e0766e2647c64734a43d3390
SSDEEP

3072:AFQbQggVYlC6LkUF3QhUHyWw6TAqnRZgIy8MokvLBCiBqaz:ZsgaYo6YUFg2H+SAKcICfC

Score

7^/10

persistence upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
584	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2148	luroc.exe

Loads dropped DLL 2 IoCs

pid	Process
2340	7c7611beb3a7758462c0426b9438d6a1.exe
2340	7c7611beb3a7758462c0426b9438d6a1.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2340-1-0x0000000000400000-0x00000000015B8000-memory.dmp	upx
behavioral1/memory/2340-0-0x0000000000400000-0x00000000015B8000-memory.dmp	upx
behavioral1/files/0x0009000000014390-12.dat	upx
behavioral1/files/0x0009000000014390-10.dat	upx
behavioral1/memory/2148-13-0x0000000000400000-0x00000000015B8000-memory.dmp	upx
behavioral1/files/0x0009000000014390-15.dat	upx
behavioral1/files/0x0009000000014390-8.dat	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\{FC3B5AD7-D47E-6D1D-7955-E3BE6C3A9A9B} = "C:\\Users\\Admin\\AppData\\Roaming\\Vitoe\\luroc.exe"	luroc.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2340 set thread context of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Privacy	7c7611beb3a7758462c0426b9438d6a1.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	7c7611beb3a7758462c0426b9438d6a1.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	luroc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	luroc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	luroc.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6C946C69-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe
2148	luroc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2340	7c7611beb3a7758462c0426b9438d6a1.exe
Token: SeSecurityPrivilege	2340	7c7611beb3a7758462c0426b9438d6a1.exe
Token: SeSecurityPrivilege	2340	7c7611beb3a7758462c0426b9438d6a1.exe
Token: SeManageVolumePrivilege	1620	WinMail.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1620	WinMail.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1620	WinMail.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1620	WinMail.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2148	2340	7c7611beb3a7758462c0426b9438d6a1.exe	29
PID 2340 wrote to memory of 2148	2340	7c7611beb3a7758462c0426b9438d6a1.exe	29
PID 2340 wrote to memory of 2148	2340	7c7611beb3a7758462c0426b9438d6a1.exe	29
PID 2340 wrote to memory of 2148	2340	7c7611beb3a7758462c0426b9438d6a1.exe	29
PID 2148 wrote to memory of 1276	2148	luroc.exe	9
PID 2148 wrote to memory of 1276	2148	luroc.exe	9
PID 2148 wrote to memory of 1276	2148	luroc.exe	9
PID 2148 wrote to memory of 1276	2148	luroc.exe	9
PID 2148 wrote to memory of 1276	2148	luroc.exe	9
PID 2148 wrote to memory of 1328	2148	luroc.exe	8
PID 2148 wrote to memory of 1328	2148	luroc.exe	8
PID 2148 wrote to memory of 1328	2148	luroc.exe	8
PID 2148 wrote to memory of 1328	2148	luroc.exe	8
PID 2148 wrote to memory of 1328	2148	luroc.exe	8
PID 2148 wrote to memory of 1356	2148	luroc.exe	7
PID 2148 wrote to memory of 1356	2148	luroc.exe	7
PID 2148 wrote to memory of 1356	2148	luroc.exe	7
PID 2148 wrote to memory of 1356	2148	luroc.exe	7
PID 2148 wrote to memory of 1356	2148	luroc.exe	7
PID 2148 wrote to memory of 1204	2148	luroc.exe	5
PID 2148 wrote to memory of 1204	2148	luroc.exe	5
PID 2148 wrote to memory of 1204	2148	luroc.exe	5
PID 2148 wrote to memory of 1204	2148	luroc.exe	5
PID 2148 wrote to memory of 1204	2148	luroc.exe	5
PID 2148 wrote to memory of 2340	2148	luroc.exe	1
PID 2148 wrote to memory of 2340	2148	luroc.exe	1
PID 2148 wrote to memory of 2340	2148	luroc.exe	1
PID 2148 wrote to memory of 2340	2148	luroc.exe	1
PID 2148 wrote to memory of 2340	2148	luroc.exe	1
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2340 wrote to memory of 584	2340	7c7611beb3a7758462c0426b9438d6a1.exe	32
PID 2148 wrote to memory of 1112	2148	luroc.exe	30
PID 2148 wrote to memory of 1112	2148	luroc.exe	30
PID 2148 wrote to memory of 1112	2148	luroc.exe	30
PID 2148 wrote to memory of 1112	2148	luroc.exe	30
PID 2148 wrote to memory of 1112	2148	luroc.exe	30
PID 2148 wrote to memory of 2440	2148	luroc.exe	33
PID 2148 wrote to memory of 2440	2148	luroc.exe	33
PID 2148 wrote to memory of 2440	2148	luroc.exe	33
PID 2148 wrote to memory of 2440	2148	luroc.exe	33
PID 2148 wrote to memory of 2440	2148	luroc.exe	33

C:\Users\Admin\AppData\Local\Temp\7c7611beb3a7758462c0426b9438d6a1.exe
"C:\Users\Admin\AppData\Local\Temp\7c7611beb3a7758462c0426b9438d6a1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Roaming\Vitoe\luroc.exe
  "C:\Users\Admin\AppData\Roaming\Vitoe\luroc.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2148
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp57110a03.bat"
  2⤵
  - Deletes itself
  PID:584

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1204

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1356

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1328

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1276

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1112

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
483KB

MD5
ba1f8bbb1c2e017d9f9f04d87b4ea6a6

SHA1
f350be60b0690663a995a6642d1d399b192c7db7

SHA256
d705f7536615402ee5d46e9eac1fddb6ff65e958707524dea2d35a624f3ab82b

SHA512
3ff2b35dfdbd2ec23575f68241a3bc028a47267eccbdec74bdfc1cd307fb082d6db6f850a6eaa57727cc899ebf4909e559bfa202b7c0ee75557c270cc97ce8da

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp57110a03.bat

Filesize
243B

MD5
0f4479fde4065678b802ffd33faffe3d

SHA1
b460c44ce65657d787526e26938acc26e2322c7b

SHA256
45a7a642bcb7a95dd94d09ba0cd41a8df0ccf5d262019974dd44f77f28302133

SHA512
3f7aa0351230d1ad2bfc4b2d04c4cdd8a62939935fcd9bf3c1c40058d970d88a7826739ab05d383ed455da67e7c5b917326d54220454af7a3914be5a986d04cd

Download Submit
C:\Users\Admin\AppData\Roaming\Agatde\kuqef.ylt

Filesize
366B

MD5
ffbd738b899ad4c9fa0121a63a2b9d7e

SHA1
b7c1dac2e2b4ae1bfe9a503291b04db931b6a333

SHA256
03cfb8c91dea04e448690bb81e91652fb73d5ffd0f6e4117e53e3a2c0482278a

SHA512
9b56a2146deef2ed30211ebcac200124e03df776a92f0b0e247c1e76c18523219fc9afd789f498936a7a9fb369b1e34c11d828265f49f0cf686ee8efa882787c

Download Submit
C:\Users\Admin\AppData\Roaming\Vitoe\luroc.exe

Filesize
172KB

MD5
d4c6d7081bddd9db64bd2018ea1d4bef

SHA1
fd3ca7f2abadc7f95737480fcf8a9e4ef48f0a21

SHA256
f50cb6c245fdae48745c9652bdbf181f5a8545b3f8c6676df7fbebd9f4a2941e

SHA512
170ca4c88fecf91d64c4488c3543a7159fa0883bd533c745c3d99eaaf08032fef607be77aa2b99a8514e7cb3ad3e5dfdb9558e2821a89989dfb9f0074453af6d

Download Submit
C:\Users\Admin\AppData\Roaming\Vitoe\luroc.exe

Filesize
165KB

MD5
28474188b63a832bbbc4a5b8d4a82b62

SHA1
f449ba8372befe5559ba96960f42615a641c8f7b

SHA256
b0319b33d4e3f07cd36510a4f20f63a99fb71323d8b35b15f651381fbf29a5a1

SHA512
21544826f6417ba622d9347297ad26c46692f8cf8d7000c96c9601cf7fe6a4100add23a3a3c385d408e2494d278c415c627fb4f034ab5c8ae0a07ada4a170dab

Download Submit
C:\Users\Admin\AppData\Roaming\Vitoe\luroc.exe

Filesize
37KB

MD5
5520e2a6e80480057a8091796b280079

SHA1
c1eae7a5666b48bb963106e5502b768fd27cdd7d

SHA256
ec136f77fb0de1e0c5cded4590a1f63ba901f1a2aa86ce936db630197684ff01

SHA512
35cf9fe768e5172c4da2d7dcc1737b90f31b78f12f348c87b2a57da7a67036177a4cc33cdff1439dbc0fe0cae536fef253350c451bfd93384c90ab58d4975f9f

Download Submit
\Users\Admin\AppData\Roaming\Vitoe\luroc.exe

Filesize
183KB

MD5
64910d3b7bbcfe065deaafa21d32fc6b

SHA1
d164ebf57bd833492a469572caaf139807be3d27

SHA256
c8766dff2fe68f055306c263ed25468898ec7e49ce66d091b65042ff2a65d782

SHA512
4cadf079a07d8fc07211a4ebc1c8ed14175c0265e83fd777f73f520c8c9ffc7d8220dfc6258d239ddc8c4f23a9c87d9275c56ea2c291df02c92f0d8e97659a26

Download Submit
memory/584-315-0x0000000000050000-0x000000000007E000-memory.dmp

Filesize
184KB

Download
memory/584-222-0x0000000077740000-0x0000000077741000-memory.dmp

Filesize
4KB

Download
memory/584-220-0x0000000077740000-0x0000000077741000-memory.dmp

Filesize
4KB

Download
memory/584-216-0x0000000000050000-0x000000000007E000-memory.dmp

Filesize
184KB

Download
memory/584-316-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1204-37-0x0000000000350000-0x000000000037E000-memory.dmp

Filesize
184KB

Download
memory/1204-36-0x0000000000350000-0x000000000037E000-memory.dmp

Filesize
184KB

Download
memory/1204-35-0x0000000000350000-0x000000000037E000-memory.dmp

Filesize
184KB

Download
memory/1204-34-0x0000000000350000-0x000000000037E000-memory.dmp

Filesize
184KB

Download
memory/1276-21-0x0000000001F10000-0x0000000001F3E000-memory.dmp

Filesize
184KB

Download
memory/1276-17-0x0000000001F10000-0x0000000001F3E000-memory.dmp

Filesize
184KB

Download
memory/1276-19-0x0000000001F10000-0x0000000001F3E000-memory.dmp

Filesize
184KB

Download
memory/1276-16-0x0000000001F10000-0x0000000001F3E000-memory.dmp

Filesize
184KB

Download
memory/1276-20-0x0000000001F10000-0x0000000001F3E000-memory.dmp

Filesize
184KB

Download
memory/1328-27-0x0000000001F90000-0x0000000001FBE000-memory.dmp

Filesize
184KB

Download
memory/1328-26-0x0000000001F90000-0x0000000001FBE000-memory.dmp

Filesize
184KB

Download
memory/1328-25-0x0000000001F90000-0x0000000001FBE000-memory.dmp

Filesize
184KB

Download
memory/1328-24-0x0000000001F90000-0x0000000001FBE000-memory.dmp

Filesize
184KB

Download
memory/1356-30-0x0000000002980000-0x00000000029AE000-memory.dmp

Filesize
184KB

Download
memory/1356-32-0x0000000002980000-0x00000000029AE000-memory.dmp

Filesize
184KB

Download
memory/1356-31-0x0000000002980000-0x00000000029AE000-memory.dmp

Filesize
184KB

Download
memory/1356-29-0x0000000002980000-0x00000000029AE000-memory.dmp

Filesize
184KB

Download
memory/2148-376-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2148-360-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2148-13-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2148-22-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2340-52-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-58-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-54-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-77-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-50-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-48-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-46-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-44-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-43-0x0000000002D00000-0x0000000002D2E000-memory.dmp

Filesize
184KB

Download
memory/2340-42-0x0000000002D00000-0x0000000002D2E000-memory.dmp

Filesize
184KB

Download
memory/2340-41-0x0000000002D00000-0x0000000002D2E000-memory.dmp

Filesize
184KB

Download
memory/2340-40-0x0000000002D00000-0x0000000002D2E000-memory.dmp

Filesize
184KB

Download
memory/2340-39-0x0000000002D00000-0x0000000002D2E000-memory.dmp

Filesize
184KB

Download
memory/2340-78-0x0000000077740000-0x0000000077741000-memory.dmp

Filesize
4KB

Download
memory/2340-140-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-80-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-76-0x0000000002D00000-0x0000000002D2E000-memory.dmp

Filesize
184KB

Download
memory/2340-56-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-74-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-72-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-60-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-62-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-1-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2340-64-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-218-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2340-18-0x0000000003330000-0x00000000044E8000-memory.dmp

Filesize
17.7MB

Download
memory/2340-224-0x0000000002D00000-0x0000000002D2E000-memory.dmp

Filesize
184KB

Download
memory/2340-14-0x0000000003330000-0x00000000044E8000-memory.dmp

Filesize
17.7MB

Download
memory/2340-66-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-3-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2340-2-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2340-0-0x0000000000400000-0x00000000015B8000-memory.dmp

Filesize
17.7MB

Download
memory/2340-68-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2340-70-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download