Overview

overview

10

Static

static

1

049678cfcf...d8.msi

windows7-x64

10

049678cfcf...d8.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2023 12:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    049678cfcf03f4908e7dc5b5a8e12d89fa9eb576c7b508ee1f553c1e08fee7d8.msi

  • Size

    1.8MB

  • MD5

    5d1218b97ae88e093951b73f8211dd0c

  • SHA1

    d9c2b229d47cfa5c3b4744b6cd79982f6db9c364

  • SHA256

    049678cfcf03f4908e7dc5b5a8e12d89fa9eb576c7b508ee1f553c1e08fee7d8

  • SHA512

    b69233f31fbe685b8c9e2abf11284bae19dc83146d19650d233fc9bdf33888c414661070fbccee9367f3941c49180fbea6504ae751fa2e87b80138ee818e841d

  • SSDEEP

    49152:epUPfjpSNeHaHGYayNId4pWL56Hq05vHjYL57CBN4/6sT:epeeHGKId+W1n6/01kN4ysT

Score
10/10
darkgateaa11discoverystealer

Malware Config

Extracted

Family

darkgate

Botnet

AA11

C2

http://94.228.169.143

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    false

  • c2_port

    2351

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_rawstub

    false

  • crypto_key

    bABouSDRyBocvj

  • internal_mutex

    txtMut

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    AA11

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 13 IoCs
  • NSIS installer 2 IoCs
    installer
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 57 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\049678cfcf03f4908e7dc5b5a8e12d89fa9eb576c7b508ee1f553c1e08fee7d8.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2108
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding D0AD3817BAE9C285C1FCA4C1AD4291A7
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1848
      • C:\Windows\SysWOW64\ICACLS.EXE
        "C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
        3⤵
        • Modifies file permissions
        PID:1040
      • C:\Windows\SysWOW64\EXPAND.EXE
        "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
        3⤵
        • Drops file in Windows directory
        PID:1944
      • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.exe
        "C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2064
        • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\Autoit3.exe
          "C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\Autoit3.exe" C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\script.au3
          4⤵
          • Executes dropped EXE
          • Checks processor information in registry
          PID:1612
      • C:\Windows\SysWOW64\ICACLS.EXE
        "C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\." /SETINTEGRITYLEVEL (CI)(OI)LOW
        3⤵
        • Modifies file permissions
        PID:1256
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2156
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005C8" "00000000000002C8"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files.cab
    Filesize

    1.5MB

    MD5

    5db928e279f821e733a8e8a404c5fd5a

    SHA1

    c76a81b6632724d027611c5a78e2b233bdcf197c

    SHA256

    89231e4af7cf31fe0e57aef0b76f37db9f6f66b078c12e6d973825290a616ce1

    SHA512

    cd37952521969e791d94966ee4182b975a6153df79fe979bde625d993445338d1609cbfb4dc0d34ceea8ebc85cb58c2569523f8c50b6770e64431cb2b7e90354

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\Autoit3.exe
    Filesize

    872KB

    MD5

    c56b5f0201a3b3de53e561fe76912bfd

    SHA1

    2a4062e10a5de813f5688221dbeb3f3ff33eb417

    SHA256

    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    SHA512

    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\Autoit3.exe
    Filesize

    872KB

    MD5

    c56b5f0201a3b3de53e561fe76912bfd

    SHA1

    2a4062e10a5de813f5688221dbeb3f3ff33eb417

    SHA256

    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    SHA512

    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerIE.DLL
    Filesize

    620KB

    MD5

    20f10fe9d17f9cf2d8e9772957b9ebe4

    SHA1

    dc8b8a023e31636719a7d88233aaf54cc80d2715

    SHA256

    2a637f0dc2136bd4241ec57bcf022e22e55eaf7f33be93495f1f1bea49d59988

    SHA512

    9b1306fa921167fdda1b0a6134c74ae676813c364e6e9de2c99dcefb6970a42339ecfe4f8e6140550a42067e8717900164ff046797c072971a8b51472c3f2269

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.dll
    Filesize

    92KB

    MD5

    760aa6f15db378dda44f262e1349e28d

    SHA1

    9bb9a0caa54e8b2560245430f33985996b2d40f3

    SHA256

    ee04957d0010ca2134c4770b434b2fdec08a25400b474dd51f47d5d1dc8d574b

    SHA512

    c6cf081dc189d88c85d01832f5cb09ff42c1264d7d4c548a336a33b97ec0b0b24aeb25076fd24db7db2f7a7ced6eccc67d26497352f7eeb1d29bb9c0a59abce6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\Uninstall.exe
    Filesize

    88KB

    MD5

    6de8cb9727907a59bcaf9871cc493c70

    SHA1

    a0ea933423c48d36718dca842994b83e5ffc4756

    SHA256

    408c0fbf2992f89b058bdb228670ff27a68ef0a7a3b648a33ff86ecc39139a11

    SHA512

    a48d97a7862eeda211a59d1023071641c91c3065a347ad060c40f86532db36010f5c89b0f6ab427a783ccce45485e42cf6443a14c72faa118c9b0a4c34b5c21e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\ipefxaxq
    Filesize

    1.8MB

    MD5

    5ebab6046d7b361b12c30f8f56197abc

    SHA1

    95f6bd06c917732da2663d7bd9aeedbbe112b520

    SHA256

    25eb89da04c22d6833d7aaf9b12f47b262c5fba0e7b1e7a5702d5ec5df4c3027

    SHA512

    041a10136c64b143c5c81492cc62b79719bf22596276cdc052875b08e80c185cc929009e2485695ddd1c8eaa4d442ecfa6709c7ad697950827e43cade6fecb0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\jnulzbm
    Filesize

    8B

    MD5

    7a27eee407959b2458f661d9cf3e367f

    SHA1

    e4174c47f0560507edd7a8bfa6de873f1c8ef86a

    SHA256

    b6a3433951f93ce9688489eaffa1b72a75be24f518ec7ec9c2c18053d7c7be1e

    SHA512

    61b7edc9351641f26bbca4eeef63d1a9e142efda440cedaf73780f5ebe8297ae56d74802d265fbca3984d5ecb0d38e4a1002979e53679e5fa1804d1b5bab10a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\keyscrambler.ico
    Filesize

    39KB

    MD5

    fde5504bbf7620aca9f3850511c13a45

    SHA1

    484382ecc232cedc1651fba5f9311e9164f43369

    SHA256

    932409eb2abfc31f2dd218240de70a150359ea8ab09fcceb1f076b9a17c844b7

    SHA512

    6d67be9398fcc2b85fe4fd7357f37d6cfc1d3e548f713319080707c750b66d2b1e631c79a7e745c56b1a72be91735156e3989eff8d0b84c3442c0fa548c2a6b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\keyscrambler.sys
    Filesize

    225KB

    MD5

    9baf5236d65a36ed2c388cf04108ab9f

    SHA1

    f5e28edea04a00b5e8806130cd2736336c6e3792

    SHA256

    9e79960a40797c11a007d9c8e6a4bce721baf603f5d651f5485eb5481c717b12

    SHA512

    1fc899c37e628adbe05a53812e6106332de7dbef83ce72094dd228067eefa71d09abe55d250b35d93f7454b9596073de95af6700e543c17bb5d43e7de0fcac1b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\script.au3
    Filesize

    921KB

    MD5

    d27371f6316a8761d6e1fe90613c3365

    SHA1

    aaa7052ce6872e777615b0a52f76e2c20f11136c

    SHA256

    4525d1bdc7a55bfcae1b691e2dc333bcb97c03fc47c37f31656b0d9dcbb681a7

    SHA512

    000cb911c697179c3030436ebbe92de3406c6b318bb8653b7d3111293bca5a8a710e0f411c3b963f12c87cea5d7f3fa1befac5e13a2e94a77253f44f3383c9ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\msiwrapper.ini
    Filesize

    1KB

    MD5

    20b91d535e47dc00e9bdf173659a1c0c

    SHA1

    4b1ae677a5a8c597b0b4858530116f24d64ef028

    SHA256

    2dc07e7abe5bf34a4b72f049692478c2d88bea82adf317fc092ff6098c4d52c7

    SHA512

    b1505be057b67b81d359b67233f5e470f2134f43f7ffafb9d7b0c36802cacf482bf37a3ad86486a7e6ffc1d4b0477a3a5bc04f76716bce16e3f03f31de83bea2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\msiwrapper.ini
    Filesize

    1KB

    MD5

    b4a37289cb364421ec691fb9fce02967

    SHA1

    c03326381e9a54c43c6089ee7090317a24d9447d

    SHA256

    cba4ad67c3d384b1962d439830ee8b89016449189254ac7e4e047ab58987f20a

    SHA512

    f7ab9489450dc902f2d9b3bc3b7c55413c81340555991b636a3eaab99d050e12c44a01edbdc5b7cd1960ef7f5d33fb456b9a2812dd024fb997ace41d44798f29

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\msiwrapper.ini
    Filesize

    1KB

    MD5

    b4a37289cb364421ec691fb9fce02967

    SHA1

    c03326381e9a54c43c6089ee7090317a24d9447d

    SHA256

    cba4ad67c3d384b1962d439830ee8b89016449189254ac7e4e047ab58987f20a

    SHA512

    f7ab9489450dc902f2d9b3bc3b7c55413c81340555991b636a3eaab99d050e12c44a01edbdc5b7cd1960ef7f5d33fb456b9a2812dd024fb997ace41d44798f29

    Download Submit

  • C:\Windows\Installer\MSI1056.tmp
    Filesize

    208KB

    MD5

    d82b3fb861129c5d71f0cd2874f97216

    SHA1

    f3fe341d79224126e950d2691d574d147102b18d

    SHA256

    107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

    SHA512

    244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

    Download Submit

  • C:\Windows\Installer\MSI29A2.tmp
    Filesize

    208KB

    MD5

    d82b3fb861129c5d71f0cd2874f97216

    SHA1

    f3fe341d79224126e950d2691d574d147102b18d

    SHA256

    107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

    SHA512

    244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\Autoit3.exe
    Filesize

    872KB

    MD5

    c56b5f0201a3b3de53e561fe76912bfd

    SHA1

    2a4062e10a5de813f5688221dbeb3f3ff33eb417

    SHA256

    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    SHA512

    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerIE.dll
    Filesize

    620KB

    MD5

    20f10fe9d17f9cf2d8e9772957b9ebe4

    SHA1

    dc8b8a023e31636719a7d88233aaf54cc80d2715

    SHA256

    2a637f0dc2136bd4241ec57bcf022e22e55eaf7f33be93495f1f1bea49d59988

    SHA512

    9b1306fa921167fdda1b0a6134c74ae676813c364e6e9de2c99dcefb6970a42339ecfe4f8e6140550a42067e8717900164ff046797c072971a8b51472c3f2269

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-6f74878a-3f3f-41ba-b514-6489de78a586\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • \Windows\Installer\MSI1056.tmp
    Filesize

    208KB

    MD5

    d82b3fb861129c5d71f0cd2874f97216

    SHA1

    f3fe341d79224126e950d2691d574d147102b18d

    SHA256

    107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

    SHA512

    244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

    Download Submit

  • \Windows\Installer\MSI29A2.tmp
    Filesize

    208KB

    MD5

    d82b3fb861129c5d71f0cd2874f97216

    SHA1

    f3fe341d79224126e950d2691d574d147102b18d

    SHA256

    107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

    SHA512

    244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

    Download Submit

  • memory/1612-123-0x00000000008D0000-0x0000000000CD0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1612-124-0x00000000028F0000-0x00000000029E5000-memory.dmp

    Filesize

    980KB

    Download

  • memory/1612-126-0x0000000003280000-0x0000000003643000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1612-125-0x00000000028F0000-0x00000000029E5000-memory.dmp

    Filesize

    980KB

    Download

  • memory/1612-129-0x0000000003280000-0x0000000003643000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2064-104-0x0000000002580000-0x0000000002CB0000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/2064-106-0x0000000002E80000-0x0000000002F75000-memory.dmp

    Filesize

    980KB

    Download

  • memory/2064-103-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download