Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

URLScan

urlscan

https://github.com/E...

windows7-x64

Analysis

  • max time kernel
    1158s
  • max time network
    1161s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26/10/2022, 22:52

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://github.com/Endermanch/MalwareDatabase/raw/master/enderware/Koteyka2.zip

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Kills process with taskkill 3 IoCs
    evasion
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Modifies registry class 48 IoCs
  • Suspicious behavior: EnumeratesProcesses 54 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Endermanch/MalwareDatabase/raw/master/enderware/Koteyka2.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1384
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0xc8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:788
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:760
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1268
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Windows\system32\taskkill.exe
      taskkill /im Kotekya.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1680
    • C:\Windows\system32\taskkill.exe
      taskkill /im koteyka
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1372
    • C:\Windows\system32\taskkill.exe
      taskkill /im koteyka.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:188
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:276
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:860
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1328

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        340B

        MD5

        7b7d53f1ade2e99fbec77e6376257999

        SHA1

        e914a0efdd5f421e895f3617df4d749cca5450c0

        SHA256

        dc36eb90df26adff83dc65ed4ecab9f07adacdda0370d0db3e694e28b1b92564

        SHA512

        8b5a854b89ec3474ba0b3cbc687d5959e4098038fc86aefc83af5bdbdb4d40c4a082544e473a281a3c81d0c625f7593d6e5a2ba681154972e0154f4b6cf30fc4

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y4KCHY9S.txt
        Filesize

        608B

        MD5

        eda4243bf950af34e09aeeb17875d4ce

        SHA1

        e47de100495c24277baec287d3548ad02e1bbbd5

        SHA256

        30bab20c23f165e02391815e23bac99c6c475a6485608e6d4766603578032538

        SHA512

        3d1acedec1cc2ad2248995911404672f26325761b83034dcaf071245248c8a4115ef522310b4d3db84c6599c3e5970027ff19f809851f0a7b8a022c93ab1d2f8

        Download Submit

      • C:\Users\Admin\Desktop\CompareMove.dll
        Filesize

        792KB

        MD5

        5dd134de06bcea121498ffebd8c3b5cf

        SHA1

        2af26ef9de66718a31f2acc2b5a86c2887c2bcb4

        SHA256

        747392e78896f6c3eb229ff4aa02c6b1401f7ca99a66534beec8dc3e79af24ee

        SHA512

        6a8c5371b1a2bc19a793da6de98a1f8d4ed28707d42d91d2b9b22c8ebd1cfb6ac5a14bf63a9dccbbf6faacf51502b43098dd8e8568646f471b2250b822b6f789

        Download Submit

      • C:\Users\Admin\Desktop\ConfirmStop.odt
        Filesize

        817KB

        MD5

        69ea1eca5bf13fd3ad77dbd2c46ca0a4

        SHA1

        6cc9937718f7be7024acb01b13de416c9a5c2807

        SHA256

        eec822b095f59b1a17b9220185e790939c9ce31b519b7200a6f0d3dee98b870f

        SHA512

        53c1aa7a3551363cc4c0518bff2c825c4d4d080faf020ac91ad53ced22834c5727fe1b202d5a8b44f1ba3a99664db47fd9c3fccffddcda64b2c5e6a568bbb5c9

        Download Submit

      • C:\Users\Admin\Desktop\DebugMount.M2T
        Filesize

        364KB

        MD5

        47cad73bf62cf035c42caed204ab344f

        SHA1

        65352d9d7291d9763793cc9db118af60d120d7cc

        SHA256

        acd7fee70ab4d8a2c76f6efc04b3c768f9358eda366ef96d21cd82605f5e20b7

        SHA512

        c273811b6f0d2891a98f595fe22599a6f7b6347897dbbe5b246cb68b2b09a598ab131875414634b14eab9f86812ed27f669c91e358abdaee16ab5cf5e47c10c8

        Download Submit

      • C:\Users\Admin\Desktop\DebugStep.wpl
        Filesize

        314KB

        MD5

        a710ff1375dedee250e6bd34ea32cbd5

        SHA1

        4df71a78262e7b4df70934057be9e965b97cd063

        SHA256

        72ee15bdfa6dcd81b3dc97f8f34e290ec83bb8276705e1fad60b5130458db191

        SHA512

        bbe7d1592012bb5a2701a748688b78068fe1e05a71f1c0a9fec08383d0331f21c21620fad7bd44f2c74d35cd6f6eb404adc109b9e59e42180a8c933b4be19c04

        Download Submit

      • C:\Users\Admin\Desktop\DisableNew.mpg
        Filesize

        415KB

        MD5

        ecf3df6b5722c8ea0e4a08c1836dd020

        SHA1

        437f8729790a3271840377b9b78daff9db9a86b1

        SHA256

        a78b554bed23f49dddfd6e7da2d0b982cb19f2c9f7278e05c8c2560e5756a377

        SHA512

        5216bced7d5596183657e25ad96d6fe2ff8d35e416aff5630889ff09b58689975d89fb4fb681c2528da864efe912cee00033d09355737d2139c68cbf1dc4e9fe

        Download Submit

      • C:\Users\Admin\Desktop\DisconnectRepair.contact
        Filesize

        767KB

        MD5

        e882d9210fa21e503bd0358cf3394c0c

        SHA1

        e13cf41dea6095be6ccbb595202d6a3b939ae2e1

        SHA256

        2bca673cec862a4d72aa89c7ee639925d2a041305c328a4b164cebe6b55fbd9f

        SHA512

        a5c1d023441ea3f0915b0c8e1b21b48faa0786d4de5c55fd75291a8d627ce383cb5837cb0900666ddfb6fa2e7961e2218fd40f1f627ccb4084075820c69abe69

        Download Submit

      • C:\Users\Admin\Desktop\DismountUnlock.xhtml
        Filesize

        490KB

        MD5

        492b06cb520af5f672c7f1dd72ed6f50

        SHA1

        9d759db85fbaa65c3162e115445d3e9bdbd6a496

        SHA256

        456969bceb8a48576d914d285836676fa6e4ed1f05461391233074b162d3dea3

        SHA512

        01f200783253493ae01d93975d22b5d83c172f9e2db661a1e2bc1beeaef51a72c3634b3b782d9bca8e82bf5e14aa48ce7b2f6f77a930f4a4a65e16a4147910ee

        Download Submit

      • C:\Users\Admin\Desktop\EnableInitialize.xlsx
        Filesize

        641KB

        MD5

        4f119b257df5fc4c9cc5e7cd24996076

        SHA1

        13c440735c3c1a07abe8e41d60fed5326070fe32

        SHA256

        361b5d1eaa62e585e2b90ff2fbbf3b495955b5604e65e1eeef3ddf4bf2c80d20

        SHA512

        3558ae8884fbc1f8963ec141233d0ba7091ec2ee7c5d8941a19fcfa152f808947c8ec9576f5bd7e805e7df73bde1298df9da5922422780507371e8824798f34b

        Download Submit

      • C:\Users\Admin\Desktop\ExitComplete.vb
        Filesize

        339KB

        MD5

        46d0db0a88ddb5b4b27e04541e41ef58

        SHA1

        68bcc2634497facda3007ed33d4f034d4a1f25a9

        SHA256

        6421f1c120bcad35c505d17cf4cdfbb04c012042d5a964044394a7845be06e3f

        SHA512

        c9e2fff8f4f9a9864e172c5b6f88275c9ec1d7b42cf84fe5f5a1d2bc653ab9a333a526a4fc505943ffa7e93cef7c4e28729c1585928ccbe97f361d33f1bee57c

        Download Submit

      • C:\Users\Admin\Desktop\ExpandDisable.js
        Filesize

        666KB

        MD5

        8c64067a9748740a2d892e17fd41c4af

        SHA1

        d91d34374e6a2f1b94a184dfb7122afb05f4e496

        SHA256

        93b08e55e7f25ac40d1eae5d9a7eeb4c8c45cede29d6f12983babd96daf93a52

        SHA512

        5be63fc4da7689095def9903c8cd0b1d64cf0db76bf1ff05f57280dd445f1c890803e56fca0ae953fef4ff2d56cf931666280b517dc406bad7cb0699d42a7969

        Download Submit

      • C:\Users\Admin\Desktop\FormatSubmit.wmf
        Filesize

        742KB

        MD5

        e593729591272351627690ec1b211bc6

        SHA1

        7ee9a66f3f3dd57eb7b2239c0fa7dbd5e3d62654

        SHA256

        3de0ffa471ba76f8c509569ba4ab08e835f6f36bf69b5c5e315fba02efcff3f9

        SHA512

        110ecedf6a72081ed5c78c7dc7dcb85679817f4483b6d990d3efdbfe7162c1df35e639c728f86f8dda8b1c41ac5c646286267afc7636c333b9d20837be20006d

        Download Submit

      • C:\Users\Admin\Desktop\InvokeTest.aifc
        Filesize

        616KB

        MD5

        68e91a3c494ce7e23824fd1b97704dbf

        SHA1

        f80a568337239ad7312eb2351b5595e57ab385da

        SHA256

        f8fe090e9873b19de265397263c84885d426dca561863c48f9a41886bc90dbb7

        SHA512

        17c20d67fa36012723ddbf63c77964e2be8f02b5fbd0cd36496bc92e36821c59fd24ed5c8ef4091c252a42e023b5776f2cdb91d867dd3ede7c7ac05633a51a1b

        Download Submit

      • C:\Users\Admin\Desktop\Koteyka2.zip
        Filesize

        721KB

        MD5

        0b6957df7b5112415195636db7c6b69f

        SHA1

        1d539b1533b5e5f56723a1e3f256325f095e3ab3

        SHA256

        b5d89cd72f3ded5ee31a61775738c3881eb8984f37a265056055755847817785

        SHA512

        aa6378c8a76df76a8a0bfa90fc5bc7b3d00762af720f85016119b11cca9882c4c9e7eb2e9af2210fc8129c18e16b34ba65b8e0718b17d928dbcbec698ad6434e

        Download Submit

      • C:\Users\Admin\Desktop\Koteyka2.zip.ff0a85d.partial
        Filesize

        721KB

        MD5

        0b6957df7b5112415195636db7c6b69f

        SHA1

        1d539b1533b5e5f56723a1e3f256325f095e3ab3

        SHA256

        b5d89cd72f3ded5ee31a61775738c3881eb8984f37a265056055755847817785

        SHA512

        aa6378c8a76df76a8a0bfa90fc5bc7b3d00762af720f85016119b11cca9882c4c9e7eb2e9af2210fc8129c18e16b34ba65b8e0718b17d928dbcbec698ad6434e

        Download Submit

      • C:\Users\Admin\Desktop\MeasureWait.tif
        Filesize

        591KB

        MD5

        a7af338d8e3ba34cff7f0ffe9d6f6586

        SHA1

        a8398749685e782e685ce92d0c177f182a3a520a

        SHA256

        9e0c55d440f5382681c7a147bd68b71c6068fde5103d2d7b724bfb8d14197e1b

        SHA512

        2b12c4ac923cb9661774dd093d35d06b19610ca0ec132d32047f949ee8a11c789b4640fa17c9d03edfae218295539341d695a4df8b2cbc2544fdeb49170ec6d4

        Download Submit

      • C:\Users\Admin\Desktop\RestartExit.ogg
        Filesize

        390KB

        MD5

        ac149f46975dcffc987d9d4924e91303

        SHA1

        4704802d7b81adb4e477022c89ae613f36ff8f71

        SHA256

        5b1d54439219cb60900b61805398d20130cadd512fd2670e0a9beb2077420a41

        SHA512

        29bfb29d7778cb8b5f11ca87ce8bff37f47e307b1006f4d7060106922777fa94e1cabb64d050f55c9fcd67b2b5ef7e925fdbebd33b821ae5c4c0447ed123d6e7

        Download Submit

      • C:\Users\Admin\Desktop\RestartUnprotect.cmd
        Filesize

        515KB

        MD5

        8be3abafea82c9d358fc08f482680a52

        SHA1

        10419794d07856eb5b9831807c054e2c277e39a9

        SHA256

        9ca2a4e85d96d39718f1c4eaa540e47ed3a6df6ce36b221c7eeffe376c31e0f2

        SHA512

        1c444bc89e556575a7e294edf9238346b3c12a17451cfab80d4705ac201e8840da80854116a77624280db9ce573f31f788b85cf7707d52621dcf34dcc79d3cd4

        Download Submit

      • C:\Users\Admin\Desktop\RevokeDismount.m3u
        Filesize

        566KB

        MD5

        b7b15468613f313d4247659ea7e2190b

        SHA1

        121c5924fcbc25379aafb1c3ef2b8fdecd7b850a

        SHA256

        6f6a965a46e75e00875389eb3dea8ae307ad08d669090c16286534253b546698

        SHA512

        3ca793e504bc9575f69cc34313a18ddb3b140703cb849ca2ec46072de92825e0dc10a61239402c44ccbc0541e2db900400c0344b4b584db35a1f3403c091bbac

        Download Submit

      • C:\Users\Admin\Desktop\ShowConnect.wmv
        Filesize

        289KB

        MD5

        c0b023683c4db7ce0717e3eba1ef0bb2

        SHA1

        a2d91382bb5f212edd6e37cd59820b20b956fba4

        SHA256

        8126d00d18dddfa977ddf832410638601f254b8178021ab60585fe6ac0b0e2bf

        SHA512

        062079905ec77ffbcf238e2c88145d17393565e4c2cd606a25fb304657373117edcf06bb0ef479ff87a641c01347058ec20dc38a2a8a7e815a772d5d542b7d23

        Download Submit

      • C:\Users\Admin\Desktop\SkipRegister.bmp
        Filesize

        1.1MB

        MD5

        29eb51364f4e58010a654ea83ad5f871

        SHA1

        cfbfd15bf0ba55d50202451d852cbd817c697b46

        SHA256

        0ffe498ebfb3d3e198b6354aaa57e7b797dbf7d546644204809d3f27264d3117

        SHA512

        0a7ccf9cf4aab766ce8ac9a5484bf8fe02330f35c7097c7041ab590b81e4ef78b44aac28ba7585cf091384bcbaae08ee3d8d4957d77d821de485dc64086aa0c4

        Download Submit

      • C:\Users\Admin\Desktop\TestAdd.cfg
        Filesize

        465KB

        MD5

        59997e8664e0195ff8d4001eecd8818f

        SHA1

        df3e10299102bacdf6f3066e063ebceca07d3736

        SHA256

        caf2edf4c47175d19cb95f4c58300a2ef1347e37e59e31fa94b5c5fe2a217f1d

        SHA512

        32b92fecb02f51948e4111ff16959b2eec88bf29cddea37d2334252ce3934f9a601cb07e80cac15dd3e63437138065124d9c353b9afe1976657b95616bf703ed

        Download Submit

      • C:\Users\Admin\Desktop\TraceConvert.cab
        Filesize

        692KB

        MD5

        60e86eaa038d35c100e1664bb94fc546

        SHA1

        7c0d48f1f15aded9b0a7bb4b1abd4faca551a239

        SHA256

        b563d85a1b4083fc9089a5978f4aff3536f9c8f8c63438d51c702602476227f8

        SHA512

        6b1087d87eff043d92a5c4b8db3f34cb85569a141d7e305f0ccfeb443b451ba145a5919ad59aaa2f19708a2fb1a834849650bb9214399fc84daf0e79fd94c259

        Download Submit

      • C:\Users\Admin\Desktop\UndoInstall.mp2
        Filesize

        541KB

        MD5

        52637771cd70d0f5fbd694f397edc635

        SHA1

        9d5c29e0e6c9ccf34fcb4c1936fe68db44215311

        SHA256

        7517f983a2807a2fc127620edfdc4661a48fa00847e2944f54af6b706d303e4b

        SHA512

        6fefa0b3b1d30beea83e709f08094b8ac34cfc2d1a6f65f4f35757a9509df1ce40e0d5b7e91107d048bd298235e5c4459ddf6ff3484f45e7cf6befeb85cb08e1

        Download Submit

      • C:\Users\Admin\Desktop\UndoUnpublish.mp4
        Filesize

        440KB

        MD5

        66e3a0e58ce9b85709fcbd8fbe3c1085

        SHA1

        0b86f4191e246e40257fda9649a86247d9fe6375

        SHA256

        f770a97d008496924c1cbd11b599879b15f000834fede3b511c699322b9d25a1

        SHA512

        1dd52900e2deafdf9ebb1f355fd0775c5810452693deb3aee020ddc4f770d9b23e2f21b7fd3a58e2911920ac5fcd215a63a5c867eb1a8c97edac33c012d17901

        Download Submit

      • C:\Users\Admin\Desktop\WatchEdit.m1v
        Filesize

        717KB

        MD5

        88b6002686ee7d7a1a190d6376d84622

        SHA1

        d892989458485489d5488ac25f6c0848c4373406

        SHA256

        19d06dc7f50151d5d6baaf3dc61e52e719da98bb2ae13adee0e8e429e62bb66e

        SHA512

        7d7d4ec9ca8097713d00920a737296d3ac22f07b800e6e4db040fe5adcf165ed5df57347028820697a8016582aa695c81f32f33b3f29b56a98d022f10f099fb5

        Download Submit

      • C:\Users\Public\Desktop\Adobe Reader 9.lnk
        Filesize

        1KB

        MD5

        22260c6c949270d1b0d3a1187eeaf06e

        SHA1

        08d26f319cb75b6c97a35dd058361cc376d6facc

        SHA256

        63b70d30c3a5457a32b3c175b08fa88322627f498c216ac94f5121245c0504b1

        SHA512

        a42317cb555ba7d3b013b597cdc051c32a7e53a07103bd3b6afa9b04c5eb71a01ff0adf782c9ca6c2600571cf09291bda669360c702b38a1edd6b919c140f9a7

        Download Submit

      • C:\Users\Public\Desktop\Firefox.lnk
        Filesize

        931B

        MD5

        970d8953f5bc8d759741b5263c73f888

        SHA1

        f1a6408c02e83a977467ad84a6566629a98a58a8

        SHA256

        2b1ac23d14aad8d6f9fcb55ddd4405c68d4ad8d83214e7ef36ed1c9ccdab2eef

        SHA512

        3c5bcad10882ade665af9225370ecbf966df5f6eae593d909e4f0a76025522dca00de3ffef692f977b7c0a76582200128112aff0e80b02946aa92db74e581404

        Download Submit

      • C:\Users\Public\Desktop\Google Chrome.lnk
        Filesize

        2KB

        MD5

        a6fb2c2f1fd4fe0c265e04cd22d383a3

        SHA1

        7e2f1a19f16f7459da36a07215c4132d94d9a720

        SHA256

        4d81ddbdd25f8cf4d512d15ba7ccb942b060a3c608271c17268dbf59ccfad424

        SHA512

        64d562f1657c21446cd04aa65e9aaa0a26518a26a9dfa8aec19094fa8c6c815d0c73e7059d33c6de88244cb6c62be6bcb6bb9c779ce5ca8e835116e50fdaf801

        Download Submit

      • C:\Users\Public\Desktop\VLC media player.lnk
        Filesize

        878B

        MD5

        5d4290a862712105b5769badae840584

        SHA1

        80ea05b2c2cf5d272a598c08a7e70b1e8652d9bf

        SHA256

        6cc2c98598069cdc28652e9634cbf6460f9d9dd8635251fb72ea1162ae88f5af

        SHA512

        b96013a30ede31a80f18044cafc79b9ab56cfbc1232f78583f02f9a43919bf27f8a279873c31f53aa8fd6036b66688a25ec241a680e2351d0ceae9ee8a6e568a

        Download Submit

      • memory/276-106-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/276-105-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/760-90-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/760-88-0x000007FEFBCB1000-0x000007FEFBCB3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/760-89-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/1268-96-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/1700-93-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1700-97-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1700-94-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1724-99-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1724-100-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1724-108-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1828-91-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1828-87-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1828-86-0x0000000000400000-0x00000000006B8000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1828-85-0x0000000075211000-0x0000000075213000-memory.dmp

        Filesize

        8KB

        Download