222d82bbd5852d5c2356a7fa5d91f11711a3a21749d499d39bebb30583a00a12

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe
Size

10.9MB
MD5

7b5063039b5b57f9ef91e5585fa16899
SHA1

306b299966d96a1395ca2a61e9651350f1485d0d
SHA256

222d82bbd5852d5c2356a7fa5d91f11711a3a21749d499d39bebb30583a00a12
SHA512

1422bb26545429d4febc40a9ddb933f6faa718df8c8587cb65d05c3614c76ebde89b5741bad6790e31a619dd3363950c8271416962ff997dc86ac7bb68b2185b
SSDEEP

196608:lNHVdzbKvZPVj3aqlwQVkeWKK7J7WwZ2uOVcLmF+UYeTP1FPNe5YLpm1XIYiueGM:lNHVdzbKvZPVj3aqlwQQ5WALmUWjFWYF

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe

Executes dropped EXE 4 IoCs

pid	Process
1256	gsudo.exe
3216	gsudo.exe
4480	curl.exe
1536	gsudo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
1256	gsudo.exe
1256	gsudo.exe
1256	gsudo.exe
1256	gsudo.exe
1256	gsudo.exe
1256	gsudo.exe
1256	gsudo.exe
1256	gsudo.exe
1256	gsudo.exe
1256	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
3216	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe
1536	gsudo.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1256	gsudo.exe
Token: SeDebugPrivilege	3216	gsudo.exe
Token: 33	4908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4908	AUDIODG.EXE
Token: SeDebugPrivilege	1536	gsudo.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe
968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe
968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe
968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe
968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe
968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1256	968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe	86
PID 968 wrote to memory of 1256	968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe	86
PID 968 wrote to memory of 3216	968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe	88
PID 968 wrote to memory of 3216	968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe	88
PID 1256 wrote to memory of 5096	1256	gsudo.exe	90
PID 1256 wrote to memory of 5096	1256	gsudo.exe	90
PID 3216 wrote to memory of 1444	3216	gsudo.exe	91
PID 3216 wrote to memory of 1444	3216	gsudo.exe	91
PID 5096 wrote to memory of 4984	5096	cmd.exe	92
PID 5096 wrote to memory of 4984	5096	cmd.exe	92
PID 1444 wrote to memory of 1744	1444	cmd.exe	93
PID 1444 wrote to memory of 1744	1444	cmd.exe	93
PID 1744 wrote to memory of 2312	1744	cmd.exe	94
PID 1744 wrote to memory of 2312	1744	cmd.exe	94
PID 1444 wrote to memory of 4696	1444	cmd.exe	95
PID 1444 wrote to memory of 4696	1444	cmd.exe	95
PID 4696 wrote to memory of 448	4696	cmd.exe	96
PID 4696 wrote to memory of 448	4696	cmd.exe	96
PID 1444 wrote to memory of 4692	1444	cmd.exe	97
PID 1444 wrote to memory of 4692	1444	cmd.exe	97
PID 4692 wrote to memory of 1836	4692	cmd.exe	98
PID 4692 wrote to memory of 1836	4692	cmd.exe	98
PID 5096 wrote to memory of 4516	5096	cmd.exe	99
PID 5096 wrote to memory of 4516	5096	cmd.exe	99
PID 5096 wrote to memory of 3556	5096	cmd.exe	100
PID 5096 wrote to memory of 3556	5096	cmd.exe	100
PID 5096 wrote to memory of 4480	5096	cmd.exe	101
PID 5096 wrote to memory of 4480	5096	cmd.exe	101
PID 5096 wrote to memory of 4480	5096	cmd.exe	101
PID 968 wrote to memory of 1536	968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe	103
PID 968 wrote to memory of 1536	968	2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe	103
PID 1536 wrote to memory of 5052	1536	gsudo.exe	105
PID 1536 wrote to memory of 5052	1536	gsudo.exe	105
PID 5052 wrote to memory of 4792	5052	cmd.exe	106
PID 5052 wrote to memory of 4792	5052	cmd.exe	106
PID 5096 wrote to memory of 4348	5096	cmd.exe	107
PID 5096 wrote to memory of 4348	5096	cmd.exe	107
PID 5096 wrote to memory of 1700	5096	cmd.exe	108
PID 5096 wrote to memory of 1700	5096	cmd.exe	108

C:\Users\Admin\AppData\Local\Temp\2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_7b5063039b5b57f9ef91e5585fa16899_magniber.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:968
- C:\Users\Admin\AppData\Local\Temp\cocci10\gsudo.exe
  "C:\Users\Admin\AppData\Local\Temp\cocci10\gsudo.exe" C:\Users\Admin\AppData\Local\Temp\cocci10\compteur.cmd
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cocci10\compteur.cmd""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5096
  - - C:\Windows\system32\chcp.com
      CHCP 1252
      4⤵
      PID:4984
  - - C:\Windows\system32\reg.exe
      reg query "HKCU\Software\Cocci10"
      4⤵
      PID:4516
  - - C:\Windows\system32\reg.exe
      REG ADD "HKCU\Software\Cocci10" /V "License" /D "particulier" /f
      4⤵
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\cocci10\curl.exe
      curl --url "http://cocci10.fredisland.net/fofo/total_install.php?action=incrementer"
      4⤵
      Executes dropped EXE
      PID:4480
  - - C:\Windows\system32\reg.exe
      REG IMPORT C:\Users\Admin\AppData\Local\Temp\cocci10\paul32.reg /reg:32
      4⤵
      PID:4348
  - - C:\Windows\system32\reg.exe
      REG IMPORT C:\Users\Admin\AppData\Local\Temp\cocci10\paul64.reg /reg:64
      4⤵
      PID:1700
- C:\Users\Admin\AppData\Local\Temp\cocci10\gsudo.exe
  "C:\Users\Admin\AppData\Local\Temp\cocci10\gsudo.exe" C:\COCCI10\winver.cmd
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\COCCI10\winver.cmd""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1444
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "ProductName" /reg:64
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1744
    - - C:\Windows\system32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "ProductName" /reg:64
        5⤵
        
        PID:2312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "DisplayVersion"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4696
    - - C:\Windows\system32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "DisplayVersion"
        5⤵
        
        PID:448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "CurrentBuildNumber"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4692
    - - C:\Windows\system32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "CurrentBuildNumber"
        5⤵
        
        PID:1836
- C:\Users\Admin\AppData\Local\Temp\cocci10\gsudo.exe
  "C:\Users\Admin\AppData\Local\Temp\cocci10\gsudo.exe" C:\Users\Admin\AppData\Local\Temp\cocci10\iconeMenuDemarrer.cmd DESINSTALLER
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cocci10\iconeMenuDemarrer.cmd" DESINSTALLER"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5052
  - - C:\Windows\system32\chcp.com
      CHCP 1252
      4⤵
      PID:4792

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\COCCI10\winver.cmd

Filesize
511B

MD5
e10dbe1bebd71152482899a4dd4cb732

SHA1
c5224d5009576310f8f180e6f74888c20151db8e

SHA256
e591fd512bc4e3ce524dc067342be2beea190772531988c29ee2fda7fa6d3b2b

SHA512
eab0c407c1d6253e7e684ff893b8a67fc91a49cf43891eee8c22aacaccc6d686434982c1e2932f8a48b22e4496e6bb2b5eb09752f72ff5dc4f1ac9616f9b9dfd

Download Submit
C:\COCCI10\winver.ini

Filesize
23B

MD5
8918c8c1d6bd778c1fa30c02f15d361b

SHA1
03126d8d243777a91b8d9ccf222ededa04baa9da

SHA256
223b14a7fe1cf6d3a3f88c62893a6d48284aed71a6bbaa33d759fb47f1b987f6

SHA512
18f071564e57e80bb8d1a8ca92fd015e836b79c1153ea196861138076aa4a085f2b0b10540295036d3f4cda2a74322c6f194983aaeee802f9577f48a7f456d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\gsudo.exe.log

Filesize
425B

MD5
fff5cbccb6b31b40f834b8f4778a779a

SHA1
899ed0377e89f1ed434cfeecc5bc0163ebdf0454

SHA256
b8f7e4ed81764db56b9c09050f68c5a26af78d8a5e2443e75e0e1aa7cd2ccd76

SHA512
1a188a14c667bc31d2651b220aa762be9cce4a75713217846fbe472a307c7bbc6e3c27617f75f489902a534d9184648d204d03ee956ac57b11aa90551248b8f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cocci10\compteur.cmd

Filesize
1KB

MD5
f0c586ebbfeb51a42162a55340923ec6

SHA1
c32f07595f2376925111b28c409969755dddecf6

SHA256
98b75f9215adbe9a1ca48c8f829eaad9d094b5c68f092e19bcfa8709f13119ce

SHA512
e45a5ef2c55b70f89eb25286276cd09c02aa31c860e160a2c1fcfb68c37a0d45252cace3f6dfddfe13ae318e3b2d7ec1e5514ec81df621e8a964a02ea274d2d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cocci10\curl.exe

Filesize
280KB

MD5
9963feed9f748091db1b494410099ea2

SHA1
75cfa0a957bab116feaea1b28b010f475842f40a

SHA256
9c830d596779ca665747cb78f90797d5a5fb3a1dbdedcb53ce0fd67c143a7f71

SHA512
178d92e015c58be8e659491acc58b0de59597de0475147fd6ff07f1b76b1e057355e236e5e0794b147e9f6b78295f678151bd26af08b380c34591ebae1885821

Download Submit
C:\Users\Admin\AppData\Local\Temp\cocci10\gsudo.exe

Filesize
165KB

MD5
918f5def661dc03bb013cc6d92f74312

SHA1
0179a11172b5d7dd91e3cd84ddc38bbb4dad116d

SHA256
136ac9437a248786a997b7a563e17383ec6779d58e01ccb9ca07fc9e2ebc70b5

SHA512
0a9770a7393e289c1724cbe639fcd79da519b905e1dc9849f5c6cc36f104c4fbf5801dbf08a982b91990284c2ac0ff796171685a345bcc88ef9a677c56f3c0b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cocci10\iconeMenuDemarrer.cmd

Filesize
2KB

MD5
0964e02385b3874783440cff7a13e1f1

SHA1
0cbfbed85c1fa8e4593f6848cddcb269293dbb7c

SHA256
c977ba2e6294276b5986978ab60f93c80247a94336f0eb9b89dfdf650e80bb66

SHA512
b14b188cf29baa43cbb7cde516f8db22f3ecaa8f80666966f96a9bc77389c93fccc5734f38acf425e125be82931a8197f6c84e88040d02c713328714577744e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cocci10\paul32.reg

Filesize
3KB

MD5
2689cf9d1673a0c733fcb36439aca32a

SHA1
cc30b278988b20c970c255eb93e09d9b2450bc8f

SHA256
bc042cce17821de94cc73c36b72df43de1221eaac38d853ada1e1121d1b9b24b

SHA512
2722000db1a4ee2a3b80fea66be4e3f4905841ef422234e30e55c9235cc86ae10689706178eb110fcb5372d09911e6f25345dce9dad7b29197c6bc064a679a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cocci10\paul64.reg

Filesize
3KB

MD5
ef0180ef1209e6c490553c1f2be20cc8

SHA1
5e83ae7d28ab59ff5d67a69ed66a44e1451b19b0

SHA256
53040fcd050d9bd145786f4dfef60b9a393bff12178ea139db5e52055e826fef

SHA512
10aec0a328e54d20b179da5b5213a5c1eb4c76e5b524853542f81fd6b12afdd784caaa111d76137b8dfbfb603a372894311e19b7cd573848b2da69cf0003ac9b

Download Submit
memory/968-81-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-65-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-43-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-44-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-45-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-46-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-47-0x00000000045B0000-0x00000000045C0000-memory.dmp

Filesize
64KB

Download
memory/968-48-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-49-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-94-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-51-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-52-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-53-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-54-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-55-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-56-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-57-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-58-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-59-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-60-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-61-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-62-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-63-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-64-0x00000000045B0000-0x00000000045C0000-memory.dmp

Filesize
64KB

Download
memory/968-92-0x00000000045B0000-0x00000000045C0000-memory.dmp

Filesize
64KB

Download
memory/968-67-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-66-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-68-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-69-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-70-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-71-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-72-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-73-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-74-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-75-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-76-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-77-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-78-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-91-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-80-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-87-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-88-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-84-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-83-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-82-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-42-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-85-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-86-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-89-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-90-0x00000000045B0000-0x00000000045C0000-memory.dmp

Filesize
64KB

Download
memory/968-79-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-40-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-50-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-93-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-95-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-96-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-97-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-98-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-99-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-100-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-101-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-102-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-103-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-104-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-105-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-106-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-107-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-108-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-109-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-111-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-110-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-114-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-113-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-112-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-117-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-119-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-118-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-116-0x00000000045B0000-0x00000000045C0000-memory.dmp

Filesize
64KB

Download
memory/968-115-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-120-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-121-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-122-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-123-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-124-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-125-0x00000000045B0000-0x00000000045C0000-memory.dmp

Filesize
64KB

Download
memory/968-126-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-127-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-128-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-129-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-130-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-131-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-41-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-39-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-133-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-132-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-134-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-173-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-37-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/968-38-0x0000000004560000-0x0000000004570000-memory.dmp

Filesize
64KB

Download
memory/1256-156-0x000001F5CE000000-0x000001F5CE02E000-memory.dmp

Filesize
184KB

Download
memory/4480-175-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/4480-174-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download