Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

091f600fd4...96.exe

windows7-x64

10

091f600fd4...96.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    091f600fd48ae9602d1bb72d1f001796.exe

  • Size

    512KB

  • MD5

    091f600fd48ae9602d1bb72d1f001796

  • SHA1

    2b676b583b9bacf57a6364aa38832ac8b92f1ce9

  • SHA256

    27054ea6539792fda245ba1442d854124426aaddd75bd789b7be36de41078553

  • SHA512

    2b9900328aa47d5182f453662afa5c091426df0f46fc4a2ac96dd37978d69d09a587c9726a06f034baa4f5d37bafecbe9e0a71ba342dc77e812729305460b053

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6A:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5n

Score
10/10
evasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 20 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 13 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\091f600fd48ae9602d1bb72d1f001796.exe
    "C:\Users\Admin\AppData\Local\Temp\091f600fd48ae9602d1bb72d1f001796.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Windows\SysWOW64\izahzclzui.exe
      izahzclzui.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4940
      • C:\Windows\SysWOW64\rqddbsxm.exe
        C:\Windows\system32\rqddbsxm.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3616
    • C:\Windows\SysWOW64\sgapkaufyqlum.exe
      sgapkaufyqlum.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:5048
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:852
    • C:\Windows\SysWOW64\rqddbsxm.exe
      rqddbsxm.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1600
    • C:\Windows\SysWOW64\utxazorxmjhqsqi.exe
      utxazorxmjhqsqi.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
    Filesize

    45KB

    MD5

    74e704fd05485b98276940d2e17342f1

    SHA1

    b82a549416f11c42444cb722e1cc81b08e4c3f64

    SHA256

    9413853930f8670aa6df532e0ef6cd36f274fbc6de39d875130c2f6ee000c08f

    SHA512

    ed5d3d85fe8e8a3ca9ce4f19145b99e2d523d658d850a1eaa6be5cefc84b6a9631862c145f445eec6829cd30cd444758149c45915be5981e5b35416de46c6740

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
    Filesize

    17KB

    MD5

    52bf4cf395f40b18ede12b9afbce5e1d

    SHA1

    a0b6a992f6a64895bf33218fe3ceee17d5f3719d

    SHA256

    026b1bb566eb8de3a9bc2a902b4e1a2931dc4f162d64776ee80361ecefc9aa23

    SHA512

    5fbd3adf8d55d0c2e9cec057cca2d7e4258ac3dff499a2df3619dbdc4050b7d61e3ff9e2268a48f1d7b26ee7d5f53160d751831c9944ff3761ddd85044b824bc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    239B

    MD5

    5f2e5865881c5a30da07fc292ec6af93

    SHA1

    f330b08c3e6da6c92db77979789e5385101fe843

    SHA256

    eb2afa425636d43e37c9de0dc51e01da4330e907d40dcbd95d3d8c93f2ace2de

    SHA512

    3ce8a58c1045be6f2e1b2b728b9d4949826b919c3b3f5faecfaf64cfcd3b49aeebe47d29946050ffa1a690ff83822d260d2d9cd170f41e57ddd6c44236cf7621

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    3KB

    MD5

    7ed0ea6a37c7de32ff6c238023d074ea

    SHA1

    8f951a6d6f9d75b85a6497db5084053475b69978

    SHA256

    1780fabd480296814880ec82be111d52ce8ab7465b61d7258d2e1144d4ae174a

    SHA512

    fcb605b5bccb14fbe745e1ae6ef4dd122af066ad05d6fdc70443ef5c4b7ab42576c50fcebca359708232ef734f416310233bacecc78922fbd52cc0d627dfde58

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    3KB

    MD5

    161972bb5d600dedf46e35dc9ce0db29

    SHA1

    862517bb1a0e841e268a7f44fd1d6b85e0027009

    SHA256

    2848bfd6fe0ccad12b1d2c0e6aea5220c2f054fd3dc97c7e2afc7101d6773677

    SHA512

    164e8c20b944aabde404c37c86f5ae3ec797ea1c4d6faaff7116bdbbd974023c2f9671352ac03ae3ffdddda4a525a71ce4cdfa8997354fb4f3d8f05dcabb122c

    Download Submit

  • C:\Users\Admin\Documents\GetUnblock.doc.exe
    Filesize

    38KB

    MD5

    1fec2aa9dffe7dd316af140f57e14b6d

    SHA1

    4c1fa4d0759676451dcf47f0795f59ace3d3043b

    SHA256

    4dfff6d5aa37b3d2d99ada4aee8b5f59719c4aab47a684d6af9c315d26b452cc

    SHA512

    1a1314b49573c7f45b75a56c29af0f267723fb86c3d538f29a2b3f46de2b5797b8a147ae6ee908433587912cde0d99f7b8982b4069ab6a08c6d4be396cb003f4

    Download Submit

  • C:\Users\Admin\Documents\SetResume.doc.exe
    Filesize

    71KB

    MD5

    a995f697b6ebf0321796097739451f27

    SHA1

    893add72947768c840abbdbd09aa4f8bad4d6acf

    SHA256

    0a8f0447bc88c0aa83e24d3544d7f39e69d5c98f2424a77d1fed2a48ef159b21

    SHA512

    418a7f2943d7f3141f88af2aa1a69bf9ba6ccf10f903aa1a712af758e0c654635ec44cb1b1f1746d72e762d5305afcefc4d0f08101d2b3295986fea6a330f174

    Download Submit

  • C:\Windows\SysWOW64\izahzclzui.exe
    Filesize

    231KB

    MD5

    d6951e960a5fe8d286e27fc7e8dd0dde

    SHA1

    955968a206fd796fbf4d7b134c94d3905b5e0943

    SHA256

    72fea9af7010af598fa903a84efbc258a55328dc6a99708b6363d4bc397d6f48

    SHA512

    f3bfee2eb50d9ec50544f4aabdb8737adb1b717b9c5b4c59601ef6d5ea6cce555235dd06322edd754f111b5db04af806bc3980bfc20173824af6ad729b272e1e

    Download Submit

  • C:\Windows\SysWOW64\izahzclzui.exe
    Filesize

    90KB

    MD5

    f446ede37ac06f513c23839e9bbdb332

    SHA1

    996b15a40521e279da14ec927ad2c2b6f1eeeb44

    SHA256

    5cad4c5363d53a3b9fd4083e0afe278aa84b965893de36cb08dcd78ca1a4911c

    SHA512

    2cb48a136d00cf36e155ca5f7f0d9a3377e94a3bf5407ada220a81f191b5061cefdd8105a77f499c908fc41e100d65c270e76a616b9d2469b353cdfedc9223b5

    Download Submit

  • C:\Windows\SysWOW64\rqddbsxm.exe
    Filesize

    41KB

    MD5

    a560cbac1c6554f81aec7168b5df77dd

    SHA1

    8256749e2db3deaef0892dc0cd4a1f5eab26ca02

    SHA256

    dec74204620ba14c63fb51636469d8ae7adfcaba6f6f8abdb74de771ec5e6891

    SHA512

    1df45ba5e159342068e7205c697a4fb37794f66b1782741953875d514ce93f14e25c4a14b2dde1f939eaebf96919b986b01488f41faeb1ec6a7825f63aa93ae0

    Download Submit

  • C:\Windows\SysWOW64\rqddbsxm.exe
    Filesize

    99KB

    MD5

    7fc6cf931da79ecd4267f22c6a1aefa8

    SHA1

    913682b9a75a4089cc18ec25b28e082916a6b314

    SHA256

    2672445b36639d26c7bcf277704d7f634ea7a6f4eac634027b98fb3f94062487

    SHA512

    272947751145ba29cbfecc6fe73cf5e20cf017c8c436a8af45198499e8b34c5f70215c3d5f21676a2a5de87616e85aa12b5cf0e263d57042e4221f7e12d81eaf

    Download Submit

  • C:\Windows\SysWOW64\rqddbsxm.exe
    Filesize

    9KB

    MD5

    baf7217cd7ad931cde1e471d357324d7

    SHA1

    25ef24f8746485b62d65e8be8b3ff9b79ab9b37d

    SHA256

    dc7864fe9d0c873197fef55155e1b40b3a829d87d488d4fa9f1b450bb79b8009

    SHA512

    532088d411a73d736d06818e901cfe9e4caae77fa714ab4d30de63d5eb529170976a0af171ab05a9db1add7c06e200cbcda0353b73bbb7497e69ab77c0920556

    Download Submit

  • C:\Windows\SysWOW64\sgapkaufyqlum.exe
    Filesize

    92KB

    MD5

    7b010a20484df37a906ca2b5621ce10d

    SHA1

    f3417b8a0c12bdfefbac6df3a3d15cada831783e

    SHA256

    92a6f06ce96a40d24e5255b0aaf62483a21f647e7d52dc403ea53ff7956d32da

    SHA512

    bb4bdfe408451441bd53272b8a4b1b7afa41dc9cc68813a1b61f0f3c0f053fafbe20ce8033e6367b39872c54f1cab35899fd4aa8c2b8aa6a93a699e4e2ff218f

    Download Submit

  • C:\Windows\SysWOW64\sgapkaufyqlum.exe
    Filesize

    57KB

    MD5

    3a81bb7f89fff51fd80d1e9e1e60471f

    SHA1

    7c04e73b47855108f7cb0f1f8e76b71078d74158

    SHA256

    7afee2b09ec479879bca80da134ceff2df40ad8eff99ed5b1461e6b64e3c474e

    SHA512

    d8500626b99b14b8e441c88b9a8431db9188b5dea17610b1d5ff35a199195026f6c9961281e7c3a4babe8c88b1a949a03a42c6872e2eb0ec1761f65095f777cc

    Download Submit

  • C:\Windows\SysWOW64\utxazorxmjhqsqi.exe
    Filesize

    121KB

    MD5

    f6992ba5f3ba3842c3227c1565e953ee

    SHA1

    812fdcc6f02079589bbd59bb103eb7c5be340a31

    SHA256

    329544802fd95d2dda3931a0a28c761dc5edb171ded19b26c111e3e6f915a1bb

    SHA512

    c34796daa861765ca57db4a793ec45d0b083d36433b8594a1a37e713805888427c479215abee370bbc0fe62ae9fa718bdd6f9879def6ea8e4fdb8bab8fb475b9

    Download Submit

  • C:\Windows\SysWOW64\utxazorxmjhqsqi.exe
    Filesize

    53KB

    MD5

    1205e0dce7ea1dc4cfd33c74d1f9454b

    SHA1

    f0d1e21b6e2fe37fa75e572b472788af5a8a71e0

    SHA256

    1f2571b4baf68b0fcb7f067c03ef6cbf93bc0874c7a0a4927511cb787a79fe1f

    SHA512

    0eb78657ce902544808c7e1f1e280c43be82025a7706f2cd32371a754262fbb523370917785bd11c80790c780dedca425049e1d82dd6226d3b9f4015fb16e555

    Download Submit

  • C:\Windows\SysWOW64\utxazorxmjhqsqi.exe
    Filesize

    273KB

    MD5

    53b48333883eb6db83aa6000fc44a40d

    SHA1

    55d0582ab8c4a0d0054a0d1a213f1644df6461b3

    SHA256

    72f9c1a7b648db3a3d22393db10c81d87cad819a2a3c8453c5ddd9684a6fb548

    SHA512

    2d9bfcef809b4b00469f1af7536c588fbbd20787966f07a7c81b5c2c5357dc222fe3f3fc83b131d19630124119545e151e19209751e61dd6a24a66711724dbf5

    Download Submit

  • C:\Windows\mydoc.rtf
    Filesize

    223B

    MD5

    06604e5941c126e2e7be02c5cd9f62ec

    SHA1

    4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

    SHA256

    85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

    SHA512

    803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

    Download Submit

  • \??\c:\Users\Admin\Documents\GetUnblock.doc.exe
    Filesize

    84KB

    MD5

    63ba89f402ce4ef981fcff2a6a31b163

    SHA1

    e097cc2d0f25595c80ed241cd97cb2a2ecedaae4

    SHA256

    4632ad4c93e30c50fc4bc2885dcaf85cbd31dd46726cad44975538e779c8ba77

    SHA512

    e6832cf5ce0f2e4fadaad9c3da11a06d61ae0800701f98f4ed87d185fccc98f38f06b6852f509fcf2a6de34e8edee20f06b0d577ec47ab7ea5e823b467cfbb79

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    12KB

    MD5

    5bf17f42f11f297cb648b00e6d40e81c

    SHA1

    c6599e31e76a0b1a1d1552e9145ef5e6354949ee

    SHA256

    0b22d2dc13a0e936236ec85957a9d4e023e14f9b41017f7bc121456e601d2ef5

    SHA512

    f85651fa1b27619b3692dd6c2ecdcdcdcf32bbe662924180fc0af4c7ad329f3d072e787bc01041b01ecc531f7dff633f87c644379176ae87dc12397d4c4b0cff

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    40KB

    MD5

    ead50e07039d55d66d77dc1fe2581dfd

    SHA1

    c5f3a3b362cd4188996f928d4f68b5c8f9cebe49

    SHA256

    5ee0ba85e7af8867768a68bd8e54131d3eaa77b850c2373542ff4d97208be12e

    SHA512

    ae5694d92612cfdadd93924a65c2773e9d75d1f86e8a22212ec3a0687d0406551d4115ddfaa131bc73ca37d4000b466ddede01fd691b29d8b1c61b811060db75

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    63KB

    MD5

    df3f07722c3146a10b433be180468910

    SHA1

    8848678edd82447d0d9340c519b6a0a2b6ee6fde

    SHA256

    89f01775aecd9bde06c54cc6be7388f1b8206c2eb2243617f8d870d711261647

    SHA512

    d65948f41771a99602665f9734a9bbcd9adace60752d055becba3d20c8fa49344041759cd0bd968a7aed86ec198c3aa667de21c5c331282a0b5ca974810858b7

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    5KB

    MD5

    8b75f548f625f5bcdefd8a002b413126

    SHA1

    cb30cad9b1eaab56528f063957982cd90c824589

    SHA256

    c8aedcde02051e1e93dda61a7e73daafdaf8ea9ff0458bc7ba8674a8bea7058b

    SHA512

    20212c80e77f458f4593d3b550a5b9a63dd0a34c6cb10dd0d450c0499da530baaee1839f5ae328313fc416ccf0b51d11205a90e576f43794f18af895b08be1b8

    Download Submit

  • memory/852-47-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-50-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-52-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-46-0x00007FFD34B60000-0x00007FFD34B70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-44-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-58-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-42-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-41-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-36-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-35-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-56-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-53-0x00007FFD34B60000-0x00007FFD34B70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-55-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-54-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-51-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-57-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-49-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-48-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-141-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-45-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-43-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-38-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-37-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-119-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-145-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-147-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-146-0x00007FFD76F70000-0x00007FFD77165000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/852-144-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-143-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/852-142-0x00007FFD36FF0000-0x00007FFD37000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4332-0-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download