Overview

overview

8

Static

static

3

NovaInstaller.exe

windows7-x64

8

NovaInstaller.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230824-en
  • resource tags

    arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
  • submitted
    26/08/2023, 12:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NovaInstaller.exe

  • Size

    152.4MB

  • MD5

    b22a99d3bcaec970a0ff099b095053fc

  • SHA1

    8f3ddffd78e901182382cd56994fab1e85171359

  • SHA256

    423ecb6f566708e142c7be0cbc1cb7475eb1f6c017c00799592a0a5a124ff13e

  • SHA512

    745b56187b4abf7fbf92cca79f85c436600a83caef7a88d9fa4d7870a425ac111e64d2920357d16018e1bdfb36197b155767a9095912367d2b8e1e2b7909188e

  • SSDEEP

    786432:zpj24RRx7jChNQNt/ZYLy/pGyjOy5l7y953zQ3TtLwSTRpf4P1wT1XKTTmBEA/rI:zN2ExfWNQNt/ZL3+jRuBQ

Score
8/10
persistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 13 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NovaInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\NovaInstaller.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe
      "windowsdesktop-runtime-6.0.15-win-x64.exe" /S
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
        "C:\Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe" -burn.filehandle.attached=184 -burn.filehandle.self=192 /S
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2828
        • C:\Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
          "C:\Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe" -q -burn.elevated BurnPipe.{694E700A-325C-4165-8FF3-6D1E90548BA4} {487E8081-F767-4ED8-9CF5-96262289CF7E} 2828
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Modifies registry class
          PID:2424
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 604
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7CB6.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    54.7MB

    MD5

    1a6d60add2d112dd73e83fb46dca474d

    SHA1

    8b374a54f508cfdb8c8176bfaef96f37edf7170b

    SHA256

    aa0c922c9c65f11b75747343b4711a0bdc8dc8ac1bd38da7c3ecd01ce28c8545

    SHA512

    49192c5141bb04dc19483e8b1adec9c6f56fa54ef8c55e2f4fa4aae73abf9119bb7b1dff3d8f9b3307c50de8989669398a5f6d8dc4323b81b6a1def5ee6c6e79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    54.7MB

    MD5

    1a6d60add2d112dd73e83fb46dca474d

    SHA1

    8b374a54f508cfdb8c8176bfaef96f37edf7170b

    SHA256

    aa0c922c9c65f11b75747343b4711a0bdc8dc8ac1bd38da7c3ecd01ce28c8545

    SHA512

    49192c5141bb04dc19483e8b1adec9c6f56fa54ef8c55e2f4fa4aae73abf9119bb7b1dff3d8f9b3307c50de8989669398a5f6d8dc4323b81b6a1def5ee6c6e79

    Download Submit

  • C:\Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.ba\bg.png
    Filesize

    4KB

    MD5

    9eb0320dfbf2bd541e6a55c01ddc9f20

    SHA1

    eb282a66d29594346531b1ff886d455e1dcd6d99

    SHA256

    9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

    SHA512

    9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

    Download Submit

  • C:\Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • C:\Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • C:\Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • C:\Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • C:\Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\NovaInstaller\axcgh20z.3zq\D3DCompiler_47_cor3.dll
    Filesize

    4.7MB

    MD5

    ca68272d2c97f1e145f50b8cd1edf3a6

    SHA1

    83097400436f111c13ee34740e66b3de0542914b

    SHA256

    ff5dddae92b3798cc00c14a706ecb6329c27aa6d7bb6e82b393cf8b7366458ba

    SHA512

    ffc670aea4dad0113196d594c0fd07a838123e485ffebe3b728b8a18403b0bb82b042ccf23019c850a62466990b10a2e94102178326df735e4815dba7811d502

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\NovaInstaller\axcgh20z.3zq\PresentationNative_cor3.dll
    Filesize

    1.2MB

    MD5

    5a137f1c0db458b0e5bb642f5293d3e6

    SHA1

    6f66bf8ad1a930c7021a95025b81af6169508a08

    SHA256

    334a78b0e495b25b9b828216c4613a8a169129c583245da3c3b2b923d4e4c39b

    SHA512

    d645f9c57523296923e2753202dbcd2a09f75bf46ac9a5a5525182d1d90b6f2fb078789150f4aeeafca8717098670780cbdb1e81fdb7fdd32d5ad791a2cafc79

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\NovaInstaller\axcgh20z.3zq\wpfgfx_cor3.dll
    Filesize

    1.9MB

    MD5

    c8af68f307e0868e673d6e69924b3b81

    SHA1

    fbf565bdc0c1fe97b57690e3be751452d7e2fc56

    SHA256

    23db27f5a6d7b9993f3d5179e4021913cd977d810fbfd8c482f601aee9759e47

    SHA512

    cb4d21179504de09c62629a7b4cb23d4b771f477bf888927896abb143214451c4ad6210f2586a4e442b68eb39b9af7f42c916931849dd650044152ce7bf25720

    Download Submit

  • \Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.ba\wixstdba.dll
    Filesize

    197KB

    MD5

    4356ee50f0b1a878e270614780ddf095

    SHA1

    b5c0915f023b2e4ed3e122322abc40c4437909af

    SHA256

    41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

    SHA512

    b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

    Download Submit

  • \Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.ba\wixstdba.dll
    Filesize

    197KB

    MD5

    4356ee50f0b1a878e270614780ddf095

    SHA1

    b5c0915f023b2e4ed3e122322abc40c4437909af

    SHA256

    41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

    SHA512

    b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

    Download Submit

  • \Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.ba\wixstdba.dll
    Filesize

    197KB

    MD5

    4356ee50f0b1a878e270614780ddf095

    SHA1

    b5c0915f023b2e4ed3e122322abc40c4437909af

    SHA256

    41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

    SHA512

    b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

    Download Submit

  • \Windows\Temp\{FD8061ED-053C-4EEB-B9DF-E9E7AED137AF}\.be\windowsdesktop-runtime-6.0.21-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • \Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • \Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • \Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • \Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • \Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • \Windows\Temp\{FE94798B-5A66-41A6-8025-52139FCA6B34}\.cr\windowsdesktop-runtime-6.0.15-win-x64.exe
    Filesize

    610KB

    MD5

    ff67a2a55ed6998ab527273d547fc00f

    SHA1

    852712b95ca05de8f336f07ff9ac672281b91215

    SHA256

    71dc12e39274b7a94f1a44b1ebe1a1507adf9884db5fdcd4cd9346b4c9fbe0c9

    SHA512

    48eb6bcb087d23ffb4e85501d23e55a4a15e8e0d2b4ca402a46df5946640f7e33c47deb785142af0fbc8cb10b6f9731500a370168cb43fd02642b29a880151d9

    Download Submit

  • memory/1116-48-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-52-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-60-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-59-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-58-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-57-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-61-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-63-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-62-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-69-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-68-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-67-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-66-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-64-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-65-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-54-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-53-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-55-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-1063-0x0000000023F00000-0x0000000023F0A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1116-1087-0x000000013F510000-0x000000013FE3E000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/1116-1107-0x0000000023F00000-0x0000000023F0A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1116-56-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-51-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-50-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-49-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-5-0x0000000180000000-0x0000000180A23000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1116-47-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1116-44-0x0000000000580000-0x0000000000599000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1116-41-0x0000000022D10000-0x0000000022DD4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/1116-38-0x0000000002340000-0x000000000236E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1116-35-0x0000000000340000-0x000000000034D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1116-32-0x0000000000350000-0x0000000000358000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1116-29-0x00000000229F0000-0x0000000022A30000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1116-26-0x0000000000560000-0x0000000000572000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1116-23-0x00000000229A0000-0x00000000229E7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1116-20-0x0000000001D50000-0x0000000001D71000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1116-17-0x0000000022FB0000-0x000000002310E000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1116-14-0x00000000231F0000-0x0000000023418000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1116-10-0x0000000024130000-0x00000000250B6000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/1116-11-0x000000013F510000-0x000000013FE3E000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/1116-8-0x0000000002110000-0x0000000002188000-memory.dmp

    Filesize

    480KB

    Download