Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

d20c169833...13.exe

windows7-x64

10

d20c169833...13.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 05:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d20c169833df7d5a176530bf19e65813.exe

  • Size

    6.0MB

  • MD5

    d20c169833df7d5a176530bf19e65813

  • SHA1

    4bb46ef4c7418900e4c4137f4aaded4b3b6f30d2

  • SHA256

    5d3bdd91e0b184716f9c229e5bc3d6e7f0c349e1db0a570fe6032b7bd651059a

  • SHA512

    c17f96d92fd8e8f892324c7f61c23b118fdc7fb032999e13b2c80c75859232b4754ecbae07d200a4fff326f5ee104420b89f39f74571dee6d3bf03dd19eba3f2

  • SSDEEP

    98304:g15EKFX859DrkzOMQhlCkGYbEAFkyXuzD5+u0c8jLgRGEveTjoM9hY/C:i2Z9vk0hAKbEAFpXQ9d0PjMnveTjoGhz

Score
10/10
amadeyevasionspywarestealerthemidatrojan

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.5

Attributes
  • install_dir

    4fdb51ccdc

  • install_file

    Utsysc.exe

  • strings_key

    11bb398ff31ee80d2c37571aecd1d36d

  • url_paths

    /v8sjh3hs8/index.php

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs
    evasion
  • Blocklisted process makes network request 2 IoCs
  • Checks BIOS information in registry 2 TTPs 8 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 42 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d20c169833df7d5a176530bf19e65813.exe
    "C:\Users\Admin\AppData\Local\Temp\d20c169833df7d5a176530bf19e65813.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4372
    • C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
      "C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe" /F
        3⤵
        • Creates scheduled task(s)
        PID:4932
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\80c6bf70bf3f8f\cred64.dll, Main
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:5084
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\80c6bf70bf3f8f\cred64.dll, Main
          4⤵
          • Blocklisted process makes network request
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4976
          • C:\Windows\system32\netsh.exe
            netsh wlan show profiles
            5⤵
              PID:3524
            • C:\Windows\system32\tar.exe
              tar.exe -cf "C:\Users\Admin\AppData\Local\Temp\598572287102_Desktop.tar" "C:\Users\Admin\AppData\Local\Temp\_Files_\*.*"
              5⤵
                PID:4028
          • C:\Windows\SysWOW64\rundll32.exe
            "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\80c6bf70bf3f8f\clip64.dll, Main
            3⤵
            • Blocklisted process makes network request
            • Loads dropped DLL
            PID:4800
      • C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        1⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        PID:4584
      • C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        1⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        PID:3908

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        Filesize

        793KB

        MD5

        090549c76078e8b35ff41fa7f1a2db46

        SHA1

        369d65b58843110c546f23dbcee257cd665101c6

        SHA256

        220bfd16687c367a90ad6167a1924b928cd8af91077247a80e7460189a2edb93

        SHA512

        0ecf6c1408cbd2a58cc47ced33fcc4b5d84e2ba7ea64ad88b00644d82d4c1970aa07e53c02b2313f725e31ff81f804a1bf26bfb05c122d3d90b8951c274763d4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        Filesize

        2.8MB

        MD5

        f7ae5d8b4ef1f15c4da2ba15c916f49e

        SHA1

        8d22c1f1d75d736843446f46056e1666142e28e2

        SHA256

        a5d94741d7887de492676460fe35fe3752b98737d80d5be2911bf41738791877

        SHA512

        db48893fdd6ab9c77aab71a59aba8987b17867bb52b3a6cb5180b0941ffb3b7634af4352d2811778973ca692b40fe3c9873a40329a7eb1f80f326a945f39cf7f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        Filesize

        432KB

        MD5

        05d0ac9949fc3b3207b5c1b24b67aa05

        SHA1

        92b8aad3eefabeb444a89bdad4e506b5ac80f7da

        SHA256

        072f118e50fd55e20543398f9c1c0643a49eb10edce8ace34e3797b363862676

        SHA512

        c4d9052631e58041bd6439d3da9737eeb2cf0624cbf96ae9155ee19888169e126852996580e088607d34c9fa43c19245089d796fe04bd976869b2f74139f579b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        Filesize

        33KB

        MD5

        fbfc4e2f6337786a91aeebf4cc8d383a

        SHA1

        96dfe13298f9ee8ba2c995bc75630c884d92de1c

        SHA256

        4058d5428b93f80aa116775437421c2a26027fa7f22c348ebb9620c1d86118a7

        SHA512

        697443246c06937965e8722b478d458e12bcf8c0f4daa5b4754e062759b3318189f54ae55124a70b9be4424f8e3f4a3e77192f6c6023d7020f773f6e9b03b9f9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\4fdb51ccdc\Utsysc.exe
        Filesize

        482KB

        MD5

        3999668ac8ce6725f1a4cd7a4e513639

        SHA1

        0518eaa515be6819462717fb4f461399c691b8de

        SHA256

        e99c2906828e84a561dea6ea0c1b6197ccb98e6dd9e9122014a1766d4c7b1816

        SHA512

        15b9e8b38efd282e28f31b57c275d696e3743efe99df1fdf8edc8640a91b23b3550adf36d646d735ae00cb87ab7e9b737351e03203627a7ff763d48ac7a75424

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\598572287102
        Filesize

        77KB

        MD5

        d5a6a6e49c22f5074966c4a496a6a568

        SHA1

        d8be8f3a6dedc77c1a28901ed24fcf94ab21e6fe

        SHA256

        17641f1ee63da6a09ec7b56dbb5418cc8ef61e989bdabef11a514b7eb37a6d9a

        SHA512

        6013fca103e679d6d9d5f0b8b9855f284b2e08cbd62e123c4b3d45dfc2b22679d0191f3ecd96b7c9db7e69b3df5d7fbe090a28ddd6f07f202561f70bb8cda94a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\598572287102_Desktop.tar
        Filesize

        1024B

        MD5

        0f343b0931126a20f133d67c2b018a3b

        SHA1

        60cacbf3d72e1e7834203da608037b1bf83b40e8

        SHA256

        5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

        SHA512

        8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461

        Download Submit

      • C:\Users\Admin\AppData\Roaming\80c6bf70bf3f8f\clip64.dll
        Filesize

        102KB

        MD5

        c06513af505f65393b4ebcd2a11a2ee4

        SHA1

        6e9e8a6b93fc9afbcc781790881d821b0bfb0821

        SHA256

        f5d35a2366cf13312a30c9384f1ac30d9dc9ced46fa6b1b9c2d0621493cc2495

        SHA512

        b90b8dc0571b2dde83c5ceaa4f12f203973bc2049663c0a840fa20a900bc7018f1f392f10273a607e816ccaf8a2b4f70bbc30b354437a2c9aecf5626b7c0a5ce

        Download Submit

      • C:\Users\Admin\AppData\Roaming\80c6bf70bf3f8f\cred64.dll
        Filesize

        72KB

        MD5

        34146d7dd1c05502d46d0a1ab3aab506

        SHA1

        4d260b7cf86da4362d7bdf009f0955143df29d08

        SHA256

        a3ef079777b533f9f39ffaadf3816aa6655f4051e65852676287a4e1bb5d1885

        SHA512

        32850e0e4aecc7014d6f58e75b9bb079795798ec08baf59c3f7a04357f31b98556f07cd9670454be0266388e13ad33ba084b666234a18af6196be96c45b870ce

        Download Submit

      • C:\Users\Admin\AppData\Roaming\80c6bf70bf3f8f\cred64.dll
        Filesize

        72KB

        MD5

        bd55a9d6ce8a492753db3b1ee66813b8

        SHA1

        e82a23bdb8c67dbd32c5c3e69427629d43113c73

        SHA256

        83d990b89db2389cff8aed2c7a14e3b547a83ab9383e9034a298e97a2cf797ec

        SHA512

        f47e4be2f807079b076469b242b6b633fe7eba39f0ef387a15d62125b3647b23f8b0f3668f2a22b0bd676e7d17e9b2722fc9476e1bac9cdec0344c3111d3d6ff

        Download Submit

      • C:\Users\Admin\AppData\Roaming\80c6bf70bf3f8f\cred64.dll
        Filesize

        25KB

        MD5

        d4a7fe2a9011b44072740bc8adad8743

        SHA1

        cfec4aafe15e2bd5e5764f1d1fea72e86bd00366

        SHA256

        2e15f3d987b44209b90561a1ca407e2bb7156622d1a800f0d29fdebd31ecda56

        SHA512

        2d65437f8f717765bcb4de5ffed8a5caa32527300d5e0cd1e0543e05fcc4b5d111915304b98e6f96142805c020764926d682df4996d2219df2765a6e06b1ce2e

        Download Submit

      • C:\Users\Admin\AppData\Roaming\80c6bf70bf3f8f\cred64.dll
        Filesize

        515KB

        MD5

        76c11a21131709993c5ca6a3227cb510

        SHA1

        952b5de35b208bc0607f2c73fd4e7a2102a08497

        SHA256

        4313796796c192211a5edc3439a66917b175e4a5c8d1df8b5212739be8ecb790

        SHA512

        f6078c4d11f61adac622650219487e9b0d5c8c67ee5b6e77eb54f8bb7dbb2a29e36cdd95637343c10383bb5a53bc85b88a1b082aa0390703c1df9f050b010678

        Download Submit

      • memory/2924-39-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-48-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-75-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-91-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-92-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/2924-64-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-63-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-62-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-61-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-107-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-94-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/2924-95-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/2924-93-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/2924-44-0x0000000001F30000-0x0000000001F31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2924-47-0x0000000001F60000-0x0000000001F61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2924-46-0x0000000001F50000-0x0000000001F51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2924-45-0x0000000001F40000-0x0000000001F41000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2924-90-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-43-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-42-0x0000000001F00000-0x0000000001F01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2924-41-0x0000000001BF0000-0x0000000001BF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2924-54-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/2924-55-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/2924-57-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/2924-56-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/2924-58-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-59-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/2924-60-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/3908-152-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/3908-157-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/3908-158-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/3908-159-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/3908-160-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/3908-169-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/3908-170-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4372-7-0x0000000003310000-0x0000000003311000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4372-1-0x0000000000740000-0x0000000000741000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4372-6-0x0000000003300000-0x0000000003301000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4372-19-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-3-0x0000000000A80000-0x0000000000A81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4372-14-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4372-15-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4372-16-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4372-40-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4372-38-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-0-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-4-0x00000000032F0000-0x00000000032F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4372-17-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4372-2-0x0000000000750000-0x0000000000751000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4372-20-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-21-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-22-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-23-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-24-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-25-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4372-18-0x0000000077214000-0x0000000077216000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4372-5-0x0000000000A90000-0x0000000001A4A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-112-0x0000000001BE0000-0x0000000001BE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4584-134-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-127-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4584-125-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4584-124-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4584-128-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-129-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-130-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-131-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-132-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-133-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-126-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4584-135-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-136-0x0000000076170000-0x0000000076260000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4584-111-0x0000000001BD0000-0x0000000001BD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4584-113-0x0000000001BF0000-0x0000000001BF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4584-114-0x0000000002030000-0x0000000002031000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4584-119-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-117-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download

      • memory/4584-115-0x0000000002040000-0x0000000002041000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4584-116-0x0000000002050000-0x0000000002051000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4584-110-0x0000000000B60000-0x0000000001B1A000-memory.dmp

        Filesize

        15.7MB

        Download