1859dfca6e5251f22c90aa4245a953c6afb26b0d2e6dec2b4747ceef4f7df18d

Resubmissions

19/09/2024, 19:17

240919-xzbwqswana 9

19/09/2024, 14:45

240919-r421tsvbjr 7

19/09/2024, 14:37

240919-rzaqsatcnc 7

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qitasc.exe
Size

5.1MB
MD5

43ebe9df7e67597a160f5effa8868bf3
SHA1

3cd79d15f53e36e4864122d7af81d12581fbf71c
SHA256

1859dfca6e5251f22c90aa4245a953c6afb26b0d2e6dec2b4747ceef4f7df18d
SHA512

c3d73c071ea7da40aad5e693e7690018f488c6d9b74577e111a016deca9fef4725436ee940f82b7940505db21a59f64dedad903a52d0dd39f8446b7f7f99758a
SSDEEP

49152:XOuEZOZHIXrb/TCvO90dL3BmAFd4A64nsfJIUGBXbLxPCZMKd33UicObbWdE5qeH:XOu1oiUoB4X37Z5q0RjyJRJ3pQ+E

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2312	java.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	qitasc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	qitasc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	qitasc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	qitasc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	qitasc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1408	qitasc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2312	java.exe
2312	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 3920	1408	qitasc.exe	90
PID 1408 wrote to memory of 3920	1408	qitasc.exe	90
PID 1408 wrote to memory of 2312	1408	qitasc.exe	93
PID 1408 wrote to memory of 2312	1408	qitasc.exe	93

C:\Users\Admin\AppData\Local\Temp\qitasc.exe
"C:\Users\Admin\AppData\Local\Temp\qitasc.exe"
1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -version
  2⤵
  PID:3920
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -jar C:\QiTASC\installer\installer-gui.jar
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4444,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:8
1⤵
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
26fce827644482663f3572255a2f2070

SHA1
794c3b39f76c7d388c2b763e4021e5045f5a808c

SHA256
32fb01fea0a325d1cfaebea319836a607476a7918d2f13a050526e35bec33eda

SHA512
70c62a0283318c0013c2283d2e2d9de4bbf8beb770fc4469e3c529537e482479c955c8f744aab2b99a4c3c87eac2847189083c83904f17e7e979bcda8969e553

Download Submit
C:\QiTASC\installer\debug.log

Filesize
574B

MD5
270939667b2c1e18fc19f98a89782a6f

SHA1
66612051ead4493da44723eb408927ae4c31eb00

SHA256
bb1b7ddfd74257040ad2a8f4f55918983960a1d2e9690aff388949fb65b373c0

SHA512
0eaec2ad1397d417a5e63f7dc21843f720888e5a679d9f49a943c0832724b5d12c62ce46ed31b3b096202b2004bcc324fe4add03e993ba03fa02bbfaf4f7fcd6

Download Submit
C:\QiTASC\installer\installer-gui.jar

Filesize
5.7MB

MD5
ef7879d4b7f850f161c2eb569c528a7b

SHA1
5400d9b6bff2c01e37a5fb921af0268f86e74fd2

SHA256
cc96c40bc12c33bf4b3457ef9d1f5a60f018efb0f5ad728272c360fb48ba9446

SHA512
ab79e23fcc03427bfcd58cf8179a8dc597f306255b1f0e9a139ed6f9ff2ba62c86f48a2b882b6afc6dc002ce3abffd2f8a499893d4134bb72e330fe1a6fe823c

Download Submit
C:\Users\Admin\.qitasc-installer

Filesize
34B

MD5
17c98c6eec35c4462440578981fbc4f9

SHA1
cbd7f9f7fc7a591f03868a2a16384bfbba3c0ac8

SHA256
958d0c427ac396becf36406da82e8724484f875d1339e64e5173e914e802b980

SHA512
6b35bfc2baa8297778f619d333ca1b3e834addf42565d4621e77e9320ee2982669c60d68923924ddf93f5853072ac8bb739770f6ba83d6a1c801cd995a708264

Download Submit
C:\Users\Admin\AppData\Local\Temp\proxy_vole791441323484626050.dll

Filesize
39KB

MD5
376e4cfaa0cb5b487b2b5a5426bea58a

SHA1
935f228e0f92018b31657f97391d84d147ab929a

SHA256
2352605e14708002c4e2943246bc2e0ff77afa1eff408c05e1d248b0ba6f480c

SHA512
12d6127cc68d009410610f7ddf0bd4d830f2a911ea5f856d160be468cffe7ebf000f77259b8628dc3d0063f6fe2c6bf35de7266a4518ba00e5b0198bcce28f5c

Download Submit
memory/2312-137-0x0000015956380000-0x0000015956390000-memory.dmp

Filesize
64KB

Download
memory/2312-208-0x0000015956520000-0x0000015956530000-memory.dmp

Filesize
64KB

Download
memory/2312-55-0x00000159562A0000-0x00000159562B0000-memory.dmp

Filesize
64KB

Download
memory/2312-56-0x00000159562B0000-0x00000159562C0000-memory.dmp

Filesize
64KB

Download
memory/2312-58-0x00000159562C0000-0x00000159562D0000-memory.dmp

Filesize
64KB

Download
memory/2312-61-0x00000159562D0000-0x00000159562E0000-memory.dmp

Filesize
64KB

Download
memory/2312-63-0x00000159562E0000-0x00000159562F0000-memory.dmp

Filesize
64KB

Download
memory/2312-64-0x00000159562F0000-0x0000015956300000-memory.dmp

Filesize
64KB

Download
memory/2312-66-0x0000015956300000-0x0000015956310000-memory.dmp

Filesize
64KB

Download
memory/2312-68-0x0000015956310000-0x0000015956320000-memory.dmp

Filesize
64KB

Download
memory/2312-72-0x0000015956030000-0x00000159562A0000-memory.dmp

Filesize
2.4MB

Download
memory/2312-73-0x0000015956320000-0x0000015956330000-memory.dmp

Filesize
64KB

Download
memory/2312-74-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-78-0x0000015956330000-0x0000015956340000-memory.dmp

Filesize
64KB

Download
memory/2312-81-0x00000159562A0000-0x00000159562B0000-memory.dmp

Filesize
64KB

Download
memory/2312-82-0x0000015956340000-0x0000015956350000-memory.dmp

Filesize
64KB

Download
memory/2312-85-0x00000159562B0000-0x00000159562C0000-memory.dmp

Filesize
64KB

Download
memory/2312-86-0x0000015956350000-0x0000015956360000-memory.dmp

Filesize
64KB

Download
memory/2312-89-0x0000015956360000-0x0000015956370000-memory.dmp

Filesize
64KB

Download
memory/2312-88-0x00000159562C0000-0x00000159562D0000-memory.dmp

Filesize
64KB

Download
memory/2312-93-0x0000015956370000-0x0000015956380000-memory.dmp

Filesize
64KB

Download
memory/2312-92-0x00000159562D0000-0x00000159562E0000-memory.dmp

Filesize
64KB

Download
memory/2312-101-0x00000159562F0000-0x0000015956300000-memory.dmp

Filesize
64KB

Download
memory/2312-107-0x0000015956310000-0x0000015956320000-memory.dmp

Filesize
64KB

Download
memory/2312-105-0x00000159563B0000-0x00000159563C0000-memory.dmp

Filesize
64KB

Download
memory/2312-104-0x0000015956300000-0x0000015956310000-memory.dmp

Filesize
64KB

Download
memory/2312-106-0x00000159563C0000-0x00000159563D0000-memory.dmp

Filesize
64KB

Download
memory/2312-119-0x0000015956410000-0x0000015956420000-memory.dmp

Filesize
64KB

Download
memory/2312-100-0x00000159563A0000-0x00000159563B0000-memory.dmp

Filesize
64KB

Download
memory/2312-99-0x0000015956390000-0x00000159563A0000-memory.dmp

Filesize
64KB

Download
memory/2312-98-0x0000015956380000-0x0000015956390000-memory.dmp

Filesize
64KB

Download
memory/2312-97-0x00000159562E0000-0x00000159562F0000-memory.dmp

Filesize
64KB

Download
memory/2312-96-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-121-0x0000015956330000-0x0000015956340000-memory.dmp

Filesize
64KB

Download
memory/2312-122-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-120-0x0000015956420000-0x0000015956430000-memory.dmp

Filesize
64KB

Download
memory/2312-118-0x0000015956400000-0x0000015956410000-memory.dmp

Filesize
64KB

Download
memory/2312-117-0x00000159563F0000-0x0000015956400000-memory.dmp

Filesize
64KB

Download
memory/2312-116-0x00000159563E0000-0x00000159563F0000-memory.dmp

Filesize
64KB

Download
memory/2312-115-0x00000159563D0000-0x00000159563E0000-memory.dmp

Filesize
64KB

Download
memory/2312-114-0x0000015956320000-0x0000015956330000-memory.dmp

Filesize
64KB

Download
memory/2312-126-0x0000015956340000-0x0000015956350000-memory.dmp

Filesize
64KB

Download
memory/2312-129-0x0000015956350000-0x0000015956360000-memory.dmp

Filesize
64KB

Download
memory/2312-128-0x0000015956440000-0x0000015956450000-memory.dmp

Filesize
64KB

Download
memory/2312-127-0x0000015956430000-0x0000015956440000-memory.dmp

Filesize
64KB

Download
memory/2312-132-0x0000015956450000-0x0000015956460000-memory.dmp

Filesize
64KB

Download
memory/2312-131-0x0000015956360000-0x0000015956370000-memory.dmp

Filesize
64KB

Download
memory/2312-135-0x0000015956460000-0x0000015956470000-memory.dmp

Filesize
64KB

Download
memory/2312-134-0x0000015956370000-0x0000015956380000-memory.dmp

Filesize
64KB

Download
memory/2312-139-0x00000159563A0000-0x00000159563B0000-memory.dmp

Filesize
64KB

Download
memory/2312-138-0x0000015956390000-0x00000159563A0000-memory.dmp

Filesize
64KB

Download
memory/2312-32-0x0000015956030000-0x00000159562A0000-memory.dmp

Filesize
2.4MB

Download
memory/2312-42-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-140-0x0000015956470000-0x0000015956480000-memory.dmp

Filesize
64KB

Download
memory/2312-154-0x0000015956410000-0x0000015956420000-memory.dmp

Filesize
64KB

Download
memory/2312-147-0x0000015956490000-0x00000159564A0000-memory.dmp

Filesize
64KB

Download
memory/2312-146-0x00000159563C0000-0x00000159563D0000-memory.dmp

Filesize
64KB

Download
memory/2312-151-0x00000159563E0000-0x00000159563F0000-memory.dmp

Filesize
64KB

Download
memory/2312-155-0x0000015956420000-0x0000015956430000-memory.dmp

Filesize
64KB

Download
memory/2312-145-0x00000159563B0000-0x00000159563C0000-memory.dmp

Filesize
64KB

Download
memory/2312-153-0x0000015956400000-0x0000015956410000-memory.dmp

Filesize
64KB

Download
memory/2312-150-0x00000159564B0000-0x00000159564C0000-memory.dmp

Filesize
64KB

Download
memory/2312-149-0x00000159564A0000-0x00000159564B0000-memory.dmp

Filesize
64KB

Download
memory/2312-160-0x00000159564D0000-0x00000159564E0000-memory.dmp

Filesize
64KB

Download
memory/2312-159-0x0000015956440000-0x0000015956450000-memory.dmp

Filesize
64KB

Download
memory/2312-158-0x0000015956430000-0x0000015956440000-memory.dmp

Filesize
64KB

Download
memory/2312-157-0x00000159564C0000-0x00000159564D0000-memory.dmp

Filesize
64KB

Download
memory/2312-162-0x00000159564E0000-0x00000159564F0000-memory.dmp

Filesize
64KB

Download
memory/2312-168-0x0000015956460000-0x0000015956470000-memory.dmp

Filesize
64KB

Download
memory/2312-167-0x0000015956500000-0x0000015956510000-memory.dmp

Filesize
64KB

Download
memory/2312-166-0x00000159564F0000-0x0000015956500000-memory.dmp

Filesize
64KB

Download
memory/2312-165-0x0000015956450000-0x0000015956460000-memory.dmp

Filesize
64KB

Download
memory/2312-171-0x0000015956510000-0x0000015956520000-memory.dmp

Filesize
64KB

Download
memory/2312-170-0x0000015956470000-0x0000015956480000-memory.dmp

Filesize
64KB

Download
memory/2312-174-0x0000015956520000-0x0000015956530000-memory.dmp

Filesize
64KB

Download
memory/2312-173-0x0000015956480000-0x0000015956490000-memory.dmp

Filesize
64KB

Download
memory/2312-178-0x0000015956530000-0x0000015956540000-memory.dmp

Filesize
64KB

Download
memory/2312-177-0x0000015956490000-0x00000159564A0000-memory.dmp

Filesize
64KB

Download
memory/2312-182-0x0000015956540000-0x0000015956550000-memory.dmp

Filesize
64KB

Download
memory/2312-181-0x00000159564B0000-0x00000159564C0000-memory.dmp

Filesize
64KB

Download
memory/2312-180-0x00000159564A0000-0x00000159564B0000-memory.dmp

Filesize
64KB

Download
memory/2312-185-0x0000015956550000-0x0000015956560000-memory.dmp

Filesize
64KB

Download
memory/2312-184-0x00000159564C0000-0x00000159564D0000-memory.dmp

Filesize
64KB

Download
memory/2312-187-0x0000015956560000-0x0000015956570000-memory.dmp

Filesize
64KB

Download
memory/2312-190-0x0000015956570000-0x0000015956580000-memory.dmp

Filesize
64KB

Download
memory/2312-189-0x00000159564D0000-0x00000159564E0000-memory.dmp

Filesize
64KB

Download
memory/2312-194-0x0000015956580000-0x0000015956590000-memory.dmp

Filesize
64KB

Download
memory/2312-192-0x00000159564E0000-0x00000159564F0000-memory.dmp

Filesize
64KB

Download
memory/2312-199-0x0000015956590000-0x00000159565A0000-memory.dmp

Filesize
64KB

Download
memory/2312-198-0x0000015956500000-0x0000015956510000-memory.dmp

Filesize
64KB

Download
memory/2312-197-0x00000159564F0000-0x0000015956500000-memory.dmp

Filesize
64KB

Download
memory/2312-200-0x00000159565A0000-0x00000159565B0000-memory.dmp

Filesize
64KB

Download
memory/2312-203-0x0000015956510000-0x0000015956520000-memory.dmp

Filesize
64KB

Download
memory/2312-204-0x00000159565B0000-0x00000159565C0000-memory.dmp

Filesize
64KB

Download
memory/2312-205-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-209-0x00000159565C0000-0x00000159565D0000-memory.dmp

Filesize
64KB

Download
memory/2312-142-0x0000015956480000-0x0000015956490000-memory.dmp

Filesize
64KB

Download
memory/2312-214-0x0000015956530000-0x0000015956540000-memory.dmp

Filesize
64KB

Download
memory/2312-215-0x00000159565D0000-0x00000159565E0000-memory.dmp

Filesize
64KB

Download
memory/2312-224-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-287-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-310-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-311-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/2312-343-0x0000015954800000-0x0000015954801000-memory.dmp

Filesize
4KB

Download
memory/3920-9-0x0000011E55240000-0x0000011E554B0000-memory.dmp

Filesize
2.4MB

Download
memory/3920-19-0x0000011E53860000-0x0000011E53861000-memory.dmp

Filesize
4KB

Download
memory/3920-20-0x0000011E55240000-0x0000011E554B0000-memory.dmp

Filesize
2.4MB

Download