ba090f00dec7afbd561670d2a345193fe2d8c10688aa3b5c73972918d1a55a4a

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/06/2024, 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Connectify.exe
Size

1.5MB
MD5

fbbb0bb982e825891744e4c89e8266a9
SHA1

29e83aed8e98f5c3997cef00943c80ce00aa646d
SHA256

d07b54449ccca041621362f1ea26db28c606cd6414cabf7260effbffed15ba87
SHA512

21f9c1e67d086387f0398dc4d4df3361bd69b552fa311e2f9a15a61c607496497d8ab93cc516c26bf1a659cc6ec6aa5c15d788d0553712513e71532eadd8ef33
SSDEEP

12288:DNlp/dQpKaUfKaUDpNwYxzlK0gsgoG3ugykGfsggZKaUe:DNz/CpjEjWpuY59gsgtgk6wjr

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	Connectify.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	Connectify.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	Connectify.exe
File created	C:\Windows\assembly\Desktop.ini	Connectify.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	Connectify.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Connectify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Connectify.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Connectify.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe

Suspicious use of SendNotifyMessage 21 IoCs

pid	Process
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe
4528	Connectify.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4528	Connectify.exe
4528	Connectify.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 1984	4528	Connectify.exe	81
PID 4528 wrote to memory of 1984	4528	Connectify.exe	81
PID 4528 wrote to memory of 1984	4528	Connectify.exe	81
PID 1984 wrote to memory of 4288	1984	csc.exe	83
PID 1984 wrote to memory of 4288	1984	csc.exe	83
PID 1984 wrote to memory of 4288	1984	csc.exe	83
PID 4528 wrote to memory of 1280	4528	Connectify.exe	84
PID 4528 wrote to memory of 1280	4528	Connectify.exe	84
PID 4528 wrote to memory of 1280	4528	Connectify.exe	84
PID 1280 wrote to memory of 1660	1280	csc.exe	86
PID 1280 wrote to memory of 1660	1280	csc.exe	86
PID 1280 wrote to memory of 1660	1280	csc.exe	86
PID 4528 wrote to memory of 4060	4528	Connectify.exe	87
PID 4528 wrote to memory of 4060	4528	Connectify.exe	87
PID 4528 wrote to memory of 4060	4528	Connectify.exe	87
PID 4060 wrote to memory of 3016	4060	csc.exe	89
PID 4060 wrote to memory of 3016	4060	csc.exe	89
PID 4060 wrote to memory of 3016	4060	csc.exe	89

C:\Users\Admin\AppData\Local\Temp\Connectify.exe
"C:\Users\Admin\AppData\Local\Temp\Connectify.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tm4rdjqv.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1984
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8AFB.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8AFA.tmp"
    3⤵
    PID:4288
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ufpbe8ws.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1280
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8CB0.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8CAF.tmp"
    3⤵
    PID:1660
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\buxkftvd.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4060
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES958A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9589.tmp"
    3⤵
    PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES8AFB.tmp

Filesize
1KB

MD5
662811dcf8e0f52290ade846bb3a276f

SHA1
66848777b101f24e4b42fdf9c9f666d53c3a340d

SHA256
728d797e25d5721cd44c4ce40c3c199b45feb3f736501e6aac39af8791bccdc4

SHA512
e76a123f05f017fde02a0a3952c0f2b873b5d5c8c9a2bc997fa093d51576ec10e5fa6a18b1e7b4600ca04f5ecbeebebb4a0bd717d65cc61a50f36e1d9a8cd9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES8CB0.tmp

Filesize
1KB

MD5
e897970a0eedf656aa4f9f0a31400ac9

SHA1
db5218847d973bc976b16e5422d6350ad7e7ff1d

SHA256
d04cb099ed5bd815d0cafe7073b539fc715600850016d057b3b049aab2d91569

SHA512
e4b7d4ec946fc0ba05630599ec571962a0d840c0d4be3ffdea8999e7cbdcab00cbd4f258fe858da5d7307e89f5eb531f1e71abb4db33ac5c750a2ef88d1f00bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES958A.tmp

Filesize
1KB

MD5
3ce702fdfb38cd96643e53f3b56711e0

SHA1
22acb30bfac40807870212c873cd07f595e6515d

SHA256
494f36ff18ae45b1967864614e97f14b97c76fb58727897de764f105890f52fe

SHA512
7e574fd3476ec8d616d889b8229a1dcf7616d866c1e2ddf0584a59bb5dce15b3f5bb63ee9fb483cd92b502fd5603c5fc466c124531b0a83ae424edea04cfe7da

Download Submit
C:\Users\Admin\AppData\Local\Temp\buxkftvd.dll

Filesize
9KB

MD5
845cb419e01d4f1932ba672a6a08bf87

SHA1
cfa1180883e33a720d8ecb077a3db1856984e6fd

SHA256
a0e92eefad1b4a4bec72996da3584d49901d96ed6668c2622fa347ffe1f3f3c4

SHA512
d9171b2f98733c09e447c6ac5080e41f1ec25fcd49fb5edbac741ba2471841db1795da4f5fe6e13d13ab701e7e76fbd345eddadf2c7b517bd35e06a09f338fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm4rdjqv.dll

Filesize
10KB

MD5
a2c3aef2572b4feec57c4fa87d7ad952

SHA1
435e926a787456340c66b30d9d27eb23b1737fce

SHA256
1171a405e097b3ed08dff3e236610b5a4a4178514c6a54779d3172979c0a882c

SHA512
39be9868c970aa13abbea3ec0fc8405925561d359f178335bd5fabcfb20e9fae10251d98e8f3178479ae3d6565431bad0b6fe4051748a65ec63ba90a12f5069e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufpbe8ws.dll

Filesize
8KB

MD5
51296afbb1c8080ed907465d7495b63b

SHA1
5f7b63603f9a071cfb3f4f5bd153a5f6d7525473

SHA256
68c3b1b30cac380fa8193b76db11e502f0803ed94bf25fff5c281f23101e6eeb

SHA512
e6fcf88e261facd12bde81792006585b7f5716cfc059fe548adae7c845185af1248f26d25ff79f46980449f69300bf43cf061ff2a1f301fc5d36c6d93ebdd26f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC8AFA.tmp

Filesize
652B

MD5
892c30003c162b0f6d78e1a6b4fc9a73

SHA1
b1309247476d85398e3c6111ea921858ea8b32f0

SHA256
520da08983acfe28a310ec259f1ef971c38bee116f92f8f4b539e06bb5767ab2

SHA512
c051fed74145cf2493fb9892eb1ca4995c4a47f16c4a2a45e66fba061d9b2cff7312da1e0350a70014e6423a526ad8bb3c832610e1057f7e3cf87768f216c924

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC8CAF.tmp

Filesize
700B

MD5
f8ed5e3521354fee462da050b8f11d9b

SHA1
c091f001c78d0cc94889e27c57a53e60562293f4

SHA256
c2e0d1b737e0d23747be597e292b3b27cb946d32889480abcd7a3bea2aaae7d7

SHA512
41a6ddcffc330ab84d9f30f34e4dbabe31b689aebc0a2f6c369f905d704375009711e14bd087e7e1bb3841968427c02922f5ef717321bca141eba5ee77b64a6b

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC9589.tmp

Filesize
652B

MD5
7213df6f3b4030044f77643f51ab4ded

SHA1
2d75a8bcebc519d994015ee86c538c9d78bb226c

SHA256
ee955d89e241c19ec5485a8f35e0fb1e3ce9d788e2fc28221a8bf78b5c0832fd

SHA512
850c03fe3e921550349bd40b78424256cf0120482833b0fd976d9bd5c2278615761a09ac98d22b0485a4813e2479f2cedaf45f256db53e48555eb5aebf2e1f17

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\buxkftvd.0.cs

Filesize
18KB

MD5
f12186e017dc013105f7af4cf539645f

SHA1
50bb0ab7ad4733bb48930bc5f1c44feda65623ea

SHA256
75693617a945fd4ccfc4157999f2c52ddf68547cf5322e18ecfb70dc17c922d7

SHA512
81c50a12fc0f07bd01bf8f5f74651969ab9bad0ade3c7704c8a1bdb1c8e16d4c5a77a68eace60e5a3dd75930df6e9d30b375be078f7a4959b85adca9cbcbfb68

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\buxkftvd.cmdline

Filesize
401B

MD5
890c02f458b4af608716394b50a4aa65

SHA1
b5061eff329799e7a8c273665d105d2542d01092

SHA256
29fa8b420b6d7a821de21c6427764c47847080e4d644678cbf609556055a18cc

SHA512
12ae15dc7cd9d3d8a8e4b39109cf03ec1b5b47a19dc9d16bc69fb3af8387165d6bffbcc62c7a019e4f07e7a69440f635b09a6837684e36c5a3a8909433e5eb00

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tm4rdjqv.0.cs

Filesize
16KB

MD5
2acd8c6a61b4e380150e9279d971f493

SHA1
40960648651593045fda00cfbe3de316e0a43e42

SHA256
e4a02f3367b91e9d001f2b69faf923ea4cacd68232b675df782a1221af7d0395

SHA512
cd600e638fa0f2f6d90ea0562f8fb89da8517c50eccfc1fa0c75d93ea1dc61f8eeea3f9bad952e6894beb0fc0cd903b56ff9b52150ff1a181bacbf5e23ee957e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tm4rdjqv.cmdline

Filesize
401B

MD5
21b0664bcb5db4551e015aca682c26a1

SHA1
e9419819d52294ed264e761f0b70f8edad975314

SHA256
c4ee1f5d4d0b9693b092e4f148082b4c6e20ce041a467849f8f0458c33fa389f

SHA512
f68032b8a273a3c5cc38f5eb6c5e83743199129b83c30651fe947e9171017ff1c9c06f6df0d822bab12e669ae3a32dfe7b86a372300aac1245c6bdeefeea50cb

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ufpbe8ws.0.cs

Filesize
11KB

MD5
7b835a71956070a4cae36cb9aadfb50f

SHA1
55dfcec894c1ee834e54d6aaab69e9b97216bf06

SHA256
607eafe7bcff5b38f1c5d6879f6970c1007e289a7589726e25cca620f7a9bcf7

SHA512
0a564bcb5dcae342f705ff656326d3154adbeb9c90414c3a236c63db460b6dcc1a555e579d926fff74b7960a23d51fc7188bd89ebebaebeca33a5f83ebd733b3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ufpbe8ws.cmdline

Filesize
401B

MD5
14f768d30480c4294ccb7c83a3d68555

SHA1
de16ed791d21a42f9d5af401ad34cd91cdf98cb3

SHA256
022abe65426a1ba3c503e2e428d08a5e5bd5e1c3c5fd97aea30e4d6c1414559d

SHA512
e4da9e3debf63ac5136ab0dde9ea03883a3010691f44d771bf858bfda6a4691e7d744be9170b0b92d84bb55f66e70b3e233dcd1802cd6198cb4552defd6de216

Download Submit
memory/1280-27-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/1280-32-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/1984-17-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/1984-10-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-38-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-39-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-40-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-37-0x0000000074C82000-0x0000000074C83000-memory.dmp

Filesize
4KB

Download
memory/4528-36-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-0-0x0000000074C82000-0x0000000074C83000-memory.dmp

Filesize
4KB

Download
memory/4528-2-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-1-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-54-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-55-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-56-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-57-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download
memory/4528-58-0x0000000074C80000-0x0000000075231000-memory.dmp

Filesize
5.7MB

Download