Overview

overview

10

Static

static

1

1.msi

windows7-x64

10

1.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    175s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2023 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.msi

  • Size

    1.8MB

  • MD5

    691cb50fb8459ffacfcb82cfacb6feb6

  • SHA1

    e43e20c942ad06433ffee8ec7b04bb384973d5d7

  • SHA256

    b9aeb7f233ebc00cfe8be8832a8eb48d2c1e5bfa69cfdba4ecc9ee054e55b59f

  • SHA512

    a9ea4d3cc045a9ee9379a76469356d12b17279eb3194bf3f39f07cd3fc15b180200f88a78fb84ecec04ba83e4eeca30752b842df7534402de1203ec42a898f38

  • SSDEEP

    49152:epUPfjpSNeHaHGYayNId4pWL56Hq05vHjYL57CBN4/6sT:epeeHGKId+W1n6/01kN4ysT

Score
10/10
darkgateaa11discoverystealer

Malware Config

Extracted

Family

darkgate

Botnet

AA11

C2

http://94.228.169.143

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    false

  • c2_port

    2351

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_rawstub

    false

  • crypto_key

    bABouSDRyBocvj

  • internal_mutex

    txtMut

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    AA11

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 13 IoCs
  • NSIS installer 2 IoCs
    installer
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 57 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\1.msi
    1⤵
    • Enumerates connected drives
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1988
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B6DFDBF156DBD0A7CE1CDC4EA3D934C1
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:644
      • C:\Windows\SysWOW64\ICACLS.EXE
        "C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
        3⤵
        • Modifies file permissions
        PID:2236
      • C:\Windows\SysWOW64\EXPAND.EXE
        "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
        3⤵
        • Drops file in Windows directory
        PID:456
      • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.exe
        "C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2208
        • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\Autoit3.exe
          "C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\Autoit3.exe" C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\script.au3
          4⤵
          • Executes dropped EXE
          PID:688
      • C:\Windows\SysWOW64\ICACLS.EXE
        "C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\." /SETINTEGRITYLEVEL (CI)(OI)LOW
        3⤵
        • Modifies file permissions
        PID:1960
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2604
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000002FC" "00000000000004D0"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files.cab
    Filesize

    1.5MB

    MD5

    5db928e279f821e733a8e8a404c5fd5a

    SHA1

    c76a81b6632724d027611c5a78e2b233bdcf197c

    SHA256

    89231e4af7cf31fe0e57aef0b76f37db9f6f66b078c12e6d973825290a616ce1

    SHA512

    cd37952521969e791d94966ee4182b975a6153df79fe979bde625d993445338d1609cbfb4dc0d34ceea8ebc85cb58c2569523f8c50b6770e64431cb2b7e90354

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\Autoit3.exe
    Filesize

    872KB

    MD5

    c56b5f0201a3b3de53e561fe76912bfd

    SHA1

    2a4062e10a5de813f5688221dbeb3f3ff33eb417

    SHA256

    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    SHA512

    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\Autoit3.exe
    Filesize

    872KB

    MD5

    c56b5f0201a3b3de53e561fe76912bfd

    SHA1

    2a4062e10a5de813f5688221dbeb3f3ff33eb417

    SHA256

    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    SHA512

    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerIE.DLL
    Filesize

    620KB

    MD5

    20f10fe9d17f9cf2d8e9772957b9ebe4

    SHA1

    dc8b8a023e31636719a7d88233aaf54cc80d2715

    SHA256

    2a637f0dc2136bd4241ec57bcf022e22e55eaf7f33be93495f1f1bea49d59988

    SHA512

    9b1306fa921167fdda1b0a6134c74ae676813c364e6e9de2c99dcefb6970a42339ecfe4f8e6140550a42067e8717900164ff046797c072971a8b51472c3f2269

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.dll
    Filesize

    92KB

    MD5

    760aa6f15db378dda44f262e1349e28d

    SHA1

    9bb9a0caa54e8b2560245430f33985996b2d40f3

    SHA256

    ee04957d0010ca2134c4770b434b2fdec08a25400b474dd51f47d5d1dc8d574b

    SHA512

    c6cf081dc189d88c85d01832f5cb09ff42c1264d7d4c548a336a33b97ec0b0b24aeb25076fd24db7db2f7a7ced6eccc67d26497352f7eeb1d29bb9c0a59abce6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\Uninstall.exe
    Filesize

    88KB

    MD5

    6de8cb9727907a59bcaf9871cc493c70

    SHA1

    a0ea933423c48d36718dca842994b83e5ffc4756

    SHA256

    408c0fbf2992f89b058bdb228670ff27a68ef0a7a3b648a33ff86ecc39139a11

    SHA512

    a48d97a7862eeda211a59d1023071641c91c3065a347ad060c40f86532db36010f5c89b0f6ab427a783ccce45485e42cf6443a14c72faa118c9b0a4c34b5c21e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\ipefxaxq
    Filesize

    1.8MB

    MD5

    5ebab6046d7b361b12c30f8f56197abc

    SHA1

    95f6bd06c917732da2663d7bd9aeedbbe112b520

    SHA256

    25eb89da04c22d6833d7aaf9b12f47b262c5fba0e7b1e7a5702d5ec5df4c3027

    SHA512

    041a10136c64b143c5c81492cc62b79719bf22596276cdc052875b08e80c185cc929009e2485695ddd1c8eaa4d442ecfa6709c7ad697950827e43cade6fecb0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\jnulzbm
    Filesize

    8B

    MD5

    7a27eee407959b2458f661d9cf3e367f

    SHA1

    e4174c47f0560507edd7a8bfa6de873f1c8ef86a

    SHA256

    b6a3433951f93ce9688489eaffa1b72a75be24f518ec7ec9c2c18053d7c7be1e

    SHA512

    61b7edc9351641f26bbca4eeef63d1a9e142efda440cedaf73780f5ebe8297ae56d74802d265fbca3984d5ecb0d38e4a1002979e53679e5fa1804d1b5bab10a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\keyscrambler.ico
    Filesize

    39KB

    MD5

    fde5504bbf7620aca9f3850511c13a45

    SHA1

    484382ecc232cedc1651fba5f9311e9164f43369

    SHA256

    932409eb2abfc31f2dd218240de70a150359ea8ab09fcceb1f076b9a17c844b7

    SHA512

    6d67be9398fcc2b85fe4fd7357f37d6cfc1d3e548f713319080707c750b66d2b1e631c79a7e745c56b1a72be91735156e3989eff8d0b84c3442c0fa548c2a6b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\keyscrambler.sys
    Filesize

    225KB

    MD5

    9baf5236d65a36ed2c388cf04108ab9f

    SHA1

    f5e28edea04a00b5e8806130cd2736336c6e3792

    SHA256

    9e79960a40797c11a007d9c8e6a4bce721baf603f5d651f5485eb5481c717b12

    SHA512

    1fc899c37e628adbe05a53812e6106332de7dbef83ce72094dd228067eefa71d09abe55d250b35d93f7454b9596073de95af6700e543c17bb5d43e7de0fcac1b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\script.au3
    Filesize

    921KB

    MD5

    d27371f6316a8761d6e1fe90613c3365

    SHA1

    aaa7052ce6872e777615b0a52f76e2c20f11136c

    SHA256

    4525d1bdc7a55bfcae1b691e2dc333bcb97c03fc47c37f31656b0d9dcbb681a7

    SHA512

    000cb911c697179c3030436ebbe92de3406c6b318bb8653b7d3111293bca5a8a710e0f411c3b963f12c87cea5d7f3fa1befac5e13a2e94a77253f44f3383c9ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\msiwrapper.ini
    Filesize

    1KB

    MD5

    4e93d6aa888474ce56bce2996ba3e23d

    SHA1

    8d2801006a3a0942b057fad76ce01f7a395b32ad

    SHA256

    8cc1a3930133b2f8196d2d1e62130960ce74d96d8cef7400909b7c05e1edce7a

    SHA512

    79a3a8110c92b4ad22dcd45bf103804bc6f2f3b33445c3e7644db0930e720039131f2f9ad1946a095eb500e7893bcf7b78a38cfbf6f8eff45fc7951df55fc09f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\msiwrapper.ini
    Filesize

    1KB

    MD5

    689d4870a70b61ebe3a030a602b6e652

    SHA1

    546ba593256848d2546ceab5e82c693bb7b913c2

    SHA256

    0a24ecdf6709249df6086ae16bc77c94559708fa38e2f97b70d7b5725b34c46d

    SHA512

    25baf21c012e5c871f792690589549ea4140fdcb8ef2f3f25dfce2761fbcfe1b9e92e292fb6013cb57b22fc5895adbc4501a9e31ceaaed983d057715a5cb9a6e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\msiwrapper.ini
    Filesize

    1KB

    MD5

    8ab11bf4aee99c86dfe57ba9a710bad6

    SHA1

    c45367b90ba322cdce50fd15f96bd13f06680535

    SHA256

    f1292d2b2541e24641e36a16c7255bb360fd71346b9001226323ffacc4dfae3f

    SHA512

    900eda4b5eaa0f9001feabfb691a3973d9b37c6459775fd183a5b591fe49bc379089d2efdbbce77a3cec923c22e33bab0a592ae640947a3c70bf6fa7226a85ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\msiwrapper.ini
    Filesize

    1KB

    MD5

    8ab11bf4aee99c86dfe57ba9a710bad6

    SHA1

    c45367b90ba322cdce50fd15f96bd13f06680535

    SHA256

    f1292d2b2541e24641e36a16c7255bb360fd71346b9001226323ffacc4dfae3f

    SHA512

    900eda4b5eaa0f9001feabfb691a3973d9b37c6459775fd183a5b591fe49bc379089d2efdbbce77a3cec923c22e33bab0a592ae640947a3c70bf6fa7226a85ab

    Download Submit

  • C:\Windows\Installer\MSIB155.tmp
    Filesize

    208KB

    MD5

    d82b3fb861129c5d71f0cd2874f97216

    SHA1

    f3fe341d79224126e950d2691d574d147102b18d

    SHA256

    107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

    SHA512

    244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

    Download Submit

  • C:\Windows\Installer\MSICAB1.tmp
    Filesize

    208KB

    MD5

    d82b3fb861129c5d71f0cd2874f97216

    SHA1

    f3fe341d79224126e950d2691d574d147102b18d

    SHA256

    107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

    SHA512

    244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\Autoit3.exe
    Filesize

    872KB

    MD5

    c56b5f0201a3b3de53e561fe76912bfd

    SHA1

    2a4062e10a5de813f5688221dbeb3f3ff33eb417

    SHA256

    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    SHA512

    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerIE.dll
    Filesize

    620KB

    MD5

    20f10fe9d17f9cf2d8e9772957b9ebe4

    SHA1

    dc8b8a023e31636719a7d88233aaf54cc80d2715

    SHA256

    2a637f0dc2136bd4241ec57bcf022e22e55eaf7f33be93495f1f1bea49d59988

    SHA512

    9b1306fa921167fdda1b0a6134c74ae676813c364e6e9de2c99dcefb6970a42339ecfe4f8e6140550a42067e8717900164ff046797c072971a8b51472c3f2269

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MW-9c154290-3983-4d50-a9ec-15a6ecd077ce\files\KeyScramblerLogon.exe
    Filesize

    500KB

    MD5

    c790ebfcb6a34953a371e32c9174fe46

    SHA1

    3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    SHA256

    fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    SHA512

    74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    Download Submit

  • \Windows\Installer\MSIB155.tmp
    Filesize

    208KB

    MD5

    d82b3fb861129c5d71f0cd2874f97216

    SHA1

    f3fe341d79224126e950d2691d574d147102b18d

    SHA256

    107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

    SHA512

    244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

    Download Submit

  • \Windows\Installer\MSICAB1.tmp
    Filesize

    208KB

    MD5

    d82b3fb861129c5d71f0cd2874f97216

    SHA1

    f3fe341d79224126e950d2691d574d147102b18d

    SHA256

    107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

    SHA512

    244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

    Download Submit

  • memory/688-129-0x0000000003320000-0x00000000036E3000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/688-131-0x00000000029C0000-0x0000000002AB5000-memory.dmp

    Filesize

    980KB

    Download

  • memory/688-127-0x0000000000BA0000-0x0000000000FA0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/688-128-0x00000000029C0000-0x0000000002AB5000-memory.dmp

    Filesize

    980KB

    Download

  • memory/688-130-0x0000000000BA0000-0x0000000000FA0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2208-111-0x0000000000480000-0x0000000000522000-memory.dmp

    Filesize

    648KB

    Download

  • memory/2208-112-0x0000000002550000-0x0000000002C80000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/2208-114-0x0000000000D80000-0x0000000000E75000-memory.dmp

    Filesize

    980KB

    Download

  • memory/2208-102-0x0000000000480000-0x0000000000522000-memory.dmp

    Filesize

    648KB

    Download