Overview

overview

10

Static

static

URLScan

urlscan

1

https://download2330...

windows10-2004_x64

10

Analysis

  • max time kernel
    394s
  • max time network
    386s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28/06/2022, 06:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://download2330.mediafire.com/uq55c5rg3y0g/bc8azynqlw2thf4/Main_File_Pass_1234.rar

Score
10/10
recordbreakerevasionstealertrojan

Malware Config

Extracted

Family

recordbreaker

C2

http://80.71.157.112/

http://45.133.216.249/

Signatures

  • RecordBreaker

    RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

    stealerrecordbreaker
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 7 IoCs
    evasion
  • Executes dropped EXE 7 IoCs
  • Checks BIOS information in registry 2 TTPs 14 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled 1 TTPs 7 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://download2330.mediafire.com/uq55c5rg3y0g/bc8azynqlw2thf4/Main_File_Pass_1234.rar
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3440
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3440 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:456
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3432
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Main_File_Pass_1234\" -spe -an -ai#7zMap7469:100:7zEvent18621
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2152
    • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
      "C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe"
      1⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Executes dropped EXE
      • Checks BIOS information in registry
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:4144
    • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
      "C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe"
      1⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Executes dropped EXE
      • Checks BIOS information in registry
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:2576
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
      1⤵
        PID:1716
      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        "C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe"
        1⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Executes dropped EXE
        • Checks BIOS information in registry
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        PID:2004
      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        "C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe"
        1⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Executes dropped EXE
        • Checks BIOS information in registry
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        PID:4308
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main_File_Pass_1234\PassFile.txt
        1⤵
        • Opens file in notepad (likely ransom note)
        PID:1940
      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        "C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe"
        1⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Executes dropped EXE
        • Checks BIOS information in registry
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        PID:1032
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1868
      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        "C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe"
        1⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Executes dropped EXE
        • Checks BIOS information in registry
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        PID:4852
      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        "C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe"
        1⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Executes dropped EXE
        • Checks BIOS information in registry
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        PID:4828

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        790e40386a5478b54787c28956e029d7

        SHA1

        6c6316d8f0e2528eb48b10202cf18ba11b77ed57

        SHA256

        2a14ca44fa89c53f53111c7caae9155a460fa162bd822cceaf7b7f74b8390557

        SHA512

        ec4f94c89a54db0de7fddc45efc89202210761d7b3cfb81bf270a076665b88191952e5bef6a3ae2d4cf7786c7c9c95f8182000da74228c7003d6916ddec93e3b

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        c8b7eac21b64223bd7750bb84df14a34

        SHA1

        3802c57145ac7850265484f7dc36fdbde5ad485e

        SHA256

        e888333c04df067914f40bb71d473b9f93f9ad20c0dd39a97d6417c1e07ae92d

        SHA512

        2dfd80b1f5f65ab76a5c936f9bb8641224ea3302761a71fb51258ccd25f41681cf6263588dce5801b051b3cf52ef0247de45966c5a1beca2bf621bce48e12cce

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1dmutkj\imagestore.dat
        Filesize

        11KB

        MD5

        244a083159919a6b06cc5e8c29bbb063

        SHA1

        00e4d961bb8070c5f8e26d0724486cfb32e0d287

        SHA256

        aaf95bd66926bd2c6b596752b3e8b4bc8f8336b6174a840a02072463205208a8

        SHA512

        5afa44def6feeaaefdd4f26261175cba9f7ace567df47dd704476ef82b16536d99522e4d7d9785b9ca7dbd53a5e5d713457c7b55eca6569c0804d84b9df4d5a7

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234.rar.150miy6.partial
        Filesize

        6.4MB

        MD5

        a16c8d882425559bfb92ed89b4d410c3

        SHA1

        2b3f9e73db27e35995266218b8b179d2c03e53af

        SHA256

        8171eb2b72822063e480b58e75a7dfc0eabe97c40b6ea2b5af3c1ee05e37c959

        SHA512

        3cd85755e6beb915ae8c360d222b4d29430685eca365501f63b58162e53de02a875d23da165cae11322b323720d5aff8591c82583df8320c12c2a99a298f912a

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\PassFile.txt
        Filesize

        4B

        MD5

        81dc9bdb52d04dc20036dbd8313ed055

        SHA1

        7110eda4d09e062aa5e4a390b0a572ac0d2c0220

        SHA256

        03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4

        SHA512

        d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        Filesize

        398.6MB

        MD5

        0e186e529a1e58e9569e7bdd49dfec21

        SHA1

        82ba7b95cc2882c84e2a9704da58abd37a986bac

        SHA256

        993ca8050ecee98d676f8af0f3fa9bb719993d2d0fc17d5abb4ee46e039f31b2

        SHA512

        885149335aac9172df54826c66609d868809b35214cb5a7bf101205cc10b8567feb57ead872595c17e18b62d6967991da9262e5551da45183b6e46c630d77ad8

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        Filesize

        398.6MB

        MD5

        0e186e529a1e58e9569e7bdd49dfec21

        SHA1

        82ba7b95cc2882c84e2a9704da58abd37a986bac

        SHA256

        993ca8050ecee98d676f8af0f3fa9bb719993d2d0fc17d5abb4ee46e039f31b2

        SHA512

        885149335aac9172df54826c66609d868809b35214cb5a7bf101205cc10b8567feb57ead872595c17e18b62d6967991da9262e5551da45183b6e46c630d77ad8

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        Filesize

        398.6MB

        MD5

        0e186e529a1e58e9569e7bdd49dfec21

        SHA1

        82ba7b95cc2882c84e2a9704da58abd37a986bac

        SHA256

        993ca8050ecee98d676f8af0f3fa9bb719993d2d0fc17d5abb4ee46e039f31b2

        SHA512

        885149335aac9172df54826c66609d868809b35214cb5a7bf101205cc10b8567feb57ead872595c17e18b62d6967991da9262e5551da45183b6e46c630d77ad8

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        Filesize

        398.6MB

        MD5

        0e186e529a1e58e9569e7bdd49dfec21

        SHA1

        82ba7b95cc2882c84e2a9704da58abd37a986bac

        SHA256

        993ca8050ecee98d676f8af0f3fa9bb719993d2d0fc17d5abb4ee46e039f31b2

        SHA512

        885149335aac9172df54826c66609d868809b35214cb5a7bf101205cc10b8567feb57ead872595c17e18b62d6967991da9262e5551da45183b6e46c630d77ad8

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        Filesize

        398.6MB

        MD5

        0e186e529a1e58e9569e7bdd49dfec21

        SHA1

        82ba7b95cc2882c84e2a9704da58abd37a986bac

        SHA256

        993ca8050ecee98d676f8af0f3fa9bb719993d2d0fc17d5abb4ee46e039f31b2

        SHA512

        885149335aac9172df54826c66609d868809b35214cb5a7bf101205cc10b8567feb57ead872595c17e18b62d6967991da9262e5551da45183b6e46c630d77ad8

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        Filesize

        398.6MB

        MD5

        0e186e529a1e58e9569e7bdd49dfec21

        SHA1

        82ba7b95cc2882c84e2a9704da58abd37a986bac

        SHA256

        993ca8050ecee98d676f8af0f3fa9bb719993d2d0fc17d5abb4ee46e039f31b2

        SHA512

        885149335aac9172df54826c66609d868809b35214cb5a7bf101205cc10b8567feb57ead872595c17e18b62d6967991da9262e5551da45183b6e46c630d77ad8

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        Filesize

        398.6MB

        MD5

        0e186e529a1e58e9569e7bdd49dfec21

        SHA1

        82ba7b95cc2882c84e2a9704da58abd37a986bac

        SHA256

        993ca8050ecee98d676f8af0f3fa9bb719993d2d0fc17d5abb4ee46e039f31b2

        SHA512

        885149335aac9172df54826c66609d868809b35214cb5a7bf101205cc10b8567feb57ead872595c17e18b62d6967991da9262e5551da45183b6e46c630d77ad8

        Download Submit

      • C:\Users\Admin\Downloads\Main_File_Pass_1234\Setup.exe
        Filesize

        398.6MB

        MD5

        0e186e529a1e58e9569e7bdd49dfec21

        SHA1

        82ba7b95cc2882c84e2a9704da58abd37a986bac

        SHA256

        993ca8050ecee98d676f8af0f3fa9bb719993d2d0fc17d5abb4ee46e039f31b2

        SHA512

        885149335aac9172df54826c66609d868809b35214cb5a7bf101205cc10b8567feb57ead872595c17e18b62d6967991da9262e5551da45183b6e46c630d77ad8

        Download Submit

      • memory/1032-191-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/1032-195-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/1032-194-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/1032-192-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/1032-193-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1032-196-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2004-167-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2004-181-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2004-171-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2004-180-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2004-170-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2004-169-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2004-168-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2004-166-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2004-165-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2004-162-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2004-163-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2576-152-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2576-154-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2576-157-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2576-153-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2576-155-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2576-156-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/2576-158-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2576-149-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-140-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-160-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4144-159-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-147-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4144-146-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-145-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-144-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-143-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4144-142-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-139-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-137-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4144-136-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-177-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-173-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-185-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-184-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-183-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-179-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-178-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4308-197-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-198-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4308-176-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4308-186-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4828-215-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4828-214-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4828-223-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4828-222-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4828-221-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4828-220-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4828-219-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4828-218-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4828-216-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4828-217-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4852-207-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4852-200-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4852-201-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4852-210-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4852-209-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4852-208-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4852-203-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4852-205-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download

      • memory/4852-206-0x0000000077DD0000-0x0000000077F73000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4852-204-0x0000000000400000-0x0000000000BD7000-memory.dmp

        Filesize

        7.8MB

        Download