Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0b26eab73b...e9.exe

windows7-x64

10

0b26eab73b...e9.exe

windows10-2004-x64

10

Resubmissions

24/09/2022, 20:40

220924-zf4hradccr 10

Analysis

  • max time kernel
    60s
  • max time network
    102s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24/09/2022, 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b26eab73b57842b1b5c439df38324e9.exe

  • Size

    2.6MB

  • MD5

    0b26eab73b57842b1b5c439df38324e9

  • SHA1

    42633109f529b2dad7532b349c32c5d5f867ecf9

  • SHA256

    94263aa0a3b9de301c6fea69b4d211662829b23a80020b80879f37e6ff6bd6f0

  • SHA512

    e653f61dfce5e156a9135ec34cca1f3765192e22ec80f5f43c49e5140681b5e514896c2720e048245088d15ceecb95e11625deff6355ed7db6c26ae7f0e6d7e7

  • SSDEEP

    49152:npTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:nZpktrvTOqp2Nw3L0gRbfGI8sepeu1

Score
10/10
dcratevasioninfostealerrattrojan

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Process spawned unexpected child process 54 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • UAC bypass 3 TTPs 3 IoCs
    evasiontrojan
  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 20 IoCs
  • Drops file in Windows directory 16 IoCs
  • Program crash 1 IoCs
  • Creates scheduled task(s) 1 TTPs 54 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • System policy modification 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b26eab73b57842b1b5c439df38324e9.exe
    "C:\Users\Admin\AppData\Local\Temp\0b26eab73b57842b1b5c439df38324e9.exe"
    1⤵
    • UAC bypass
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1944
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1944 -s 1028
      2⤵
      • Program crash
      PID:2460
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\sppsvc.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:796
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\sppsvc.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:432
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\sppsvc.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1632
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 12 /tr "'C:\Windows\ehome\WMIADAP.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:920
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAP" /sc ONLOGON /tr "'C:\Windows\ehome\WMIADAP.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1320
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 10 /tr "'C:\Windows\ehome\WMIADAP.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1896
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 9 /tr "'C:\Recovery\c0f67622-1a8a-11ed-ae9f-b21da26d38ed\WMIADAP.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:304
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAP" /sc ONLOGON /tr "'C:\Recovery\c0f67622-1a8a-11ed-ae9f-b21da26d38ed\WMIADAP.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:580
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 7 /tr "'C:\Recovery\c0f67622-1a8a-11ed-ae9f-b21da26d38ed\WMIADAP.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:864
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "smsss" /sc MINUTE /mo 6 /tr "'C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\smss.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1964
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\smss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:996
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\smss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1032
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsml" /sc MINUTE /mo 6 /tr "'C:\Users\All Users\Templates\lsm.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1472
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Users\All Users\Templates\lsm.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1960
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsml" /sc MINUTE /mo 6 /tr "'C:\Users\All Users\Templates\lsm.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1820
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "0b26eab73b57842b1b5c439df38324e90" /sc MINUTE /mo 13 /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\0b26eab73b57842b1b5c439df38324e9.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1568
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "0b26eab73b57842b1b5c439df38324e9" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\0b26eab73b57842b1b5c439df38324e9.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1600
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "0b26eab73b57842b1b5c439df38324e90" /sc MINUTE /mo 6 /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\0b26eab73b57842b1b5c439df38324e9.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2000
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Windows\SoftwareDistribution\ScanFile\services.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:988
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Windows\SoftwareDistribution\ScanFile\services.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1132
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "servicess" /sc MINUTE /mo 14 /tr "'C:\Windows\SoftwareDistribution\ScanFile\services.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:468
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 9 /tr "'C:\Windows\System32\ru-RU\dwm.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1620
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Windows\System32\ru-RU\dwm.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:268
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 8 /tr "'C:\Windows\System32\ru-RU\dwm.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1940
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 14 /tr "'C:\Program Files\Uninstall Information\taskhost.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1296
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\taskhost.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1912
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 10 /tr "'C:\Program Files\Uninstall Information\taskhost.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1616
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 14 /tr "'C:\Windows\PCHEALTH\ERRORREP\dwm.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1340
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Windows\PCHEALTH\ERRORREP\dwm.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1692
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 12 /tr "'C:\Windows\PCHEALTH\ERRORREP\dwm.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:972
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\csrss.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1556
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\csrss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:796
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\csrss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1368
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "explorere" /sc MINUTE /mo 14 /tr "'C:\Program Files\MSBuild\explorer.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1596
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\MSBuild\explorer.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:824
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "explorere" /sc MINUTE /mo 8 /tr "'C:\Program Files\MSBuild\explorer.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1440
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsml" /sc MINUTE /mo 9 /tr "'C:\Users\Default\PrintHood\lsm.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1716
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Users\Default\PrintHood\lsm.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1240
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsml" /sc MINUTE /mo 5 /tr "'C:\Users\Default\PrintHood\lsm.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:944
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 6 /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\winlogon.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2080
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\winlogon.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2104
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 13 /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\winlogon.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2128
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\WMIADAP.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2152
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAP" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\WMIADAP.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2176
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\WMIADAP.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2196
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2224
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2248
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2272
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 8 /tr "'C:\Program Files\Reference Assemblies\Microsoft\System.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2292
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files\Reference Assemblies\Microsoft\System.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2316
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 5 /tr "'C:\Program Files\Reference Assemblies\Microsoft\System.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2340
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 6 /tr "'C:\Recovery\c0f67622-1a8a-11ed-ae9f-b21da26d38ed\WMIADAP.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2364
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAP" /sc ONLOGON /tr "'C:\Recovery\c0f67622-1a8a-11ed-ae9f-b21da26d38ed\WMIADAP.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2384
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 7 /tr "'C:\Recovery\c0f67622-1a8a-11ed-ae9f-b21da26d38ed\WMIADAP.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2404

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1944-66-0x0000000000780000-0x0000000000792000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1944-60-0x00000000003A0000-0x00000000003B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1944-56-0x0000000000150000-0x0000000000158000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1944-57-0x0000000000360000-0x0000000000370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1944-58-0x0000000000380000-0x0000000000388000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1944-59-0x0000000000390000-0x00000000003A2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1944-65-0x0000000000560000-0x0000000000568000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1944-61-0x00000000003B0000-0x00000000003BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1944-62-0x000000001A930000-0x000000001A986000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1944-63-0x00000000003C0000-0x00000000003CC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1944-55-0x0000000000140000-0x000000000014E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1944-64-0x00000000003D0000-0x00000000003DC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1944-70-0x0000000000B00000-0x0000000000B08000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1944-67-0x0000000000A60000-0x0000000000A6C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1944-68-0x0000000000A70000-0x0000000000A7C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1944-69-0x000000001B096000-0x000000001B0B5000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1944-54-0x0000000000C90000-0x0000000000F34000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1944-71-0x0000000000B10000-0x0000000000B1E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1944-72-0x0000000000B20000-0x0000000000B28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1944-73-0x000000001A980000-0x000000001A98C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1944-74-0x000000001B096000-0x000000001B0B5000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1944-75-0x000000001B0BE000-0x000000001B0CE000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1944-77-0x000000001B0BE000-0x000000001B0CE000-memory.dmp

    Filesize

    64KB

    Download