Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

45e5496394...46.exe

windows7-x64

45e5496394...46.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    92s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45e5496394e7d6a9efe16008c380cf46.exe

  • Size

    668KB

  • MD5

    45e5496394e7d6a9efe16008c380cf46

  • SHA1

    30272aab1924aba61676c35146bca8b7f45826a2

  • SHA256

    d18db06ffb1b15c896c0a2ca373df26bf13498de75f4d55998ba7709c7ffd273

  • SHA512

    fef413e3cdccc3ee829c22af1b56d665016ddadc4a66ea518f1d2b034ca13a9e92ff2f69c2cd42fc28a39448868917120b29924d798766759c799e63b309fd10

  • SSDEEP

    12288:qCCGxTYAe2mjiVg69cvigDvnBvfkQQw+018pwsiX3o/PFrMOj6vve:qClxE0gKgDvtfLQwP1tsP1QE5

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 7 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 42 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 42 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 29 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\45e5496394e7d6a9efe16008c380cf46.exe
    "C:\Users\Admin\AppData\Local\Temp\45e5496394e7d6a9efe16008c380cf46.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1344
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:4584
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:2172
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4636
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:1920
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:900
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2516
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:3540
    • C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\SearchIndexer.exe /Embedding
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1944
      • C:\Windows\system32\SearchFilterHost.exe
        "C:\Windows\system32\SearchFilterHost.exe" 0 804 808 816 8192 812 788
        2⤵
        • Modifies data under HKEY_USERS
        PID:3980
      • C:\Windows\system32\SearchProtocolHost.exe
        "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
        2⤵
        • Modifies data under HKEY_USERS
        PID:2156

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\jajkdigj.tmp
      Filesize

      489KB

      MD5

      1b517edfe7d187a812d79434b388ae8b

      SHA1

      2d3756498c5451c061cc81c1065551d8af1f2043

      SHA256

      2698e1eb026a7f4705317ea3fd6167b0db44497336983d2bf5b39d7f1f0d4470

      SHA512

      95e07f7399f3bf471bb9037ef47d80087487f96fd9525e19a7a656f457dd1441967331c0a00dcd0a520a602a15b67418395913a854199bf26cc000d6c4aa5e56

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      609KB

      MD5

      9e94b24be477ef87fe4aa2002764b8ff

      SHA1

      6b599734df3f545e5c9884de5609a28398b01111

      SHA256

      971ec0d0e3c970eea0bcc09e37a1baae10dcfc4a698bc5004b1170d3e6489828

      SHA512

      c461d8adacae4a26bb5aea5600ec1678d4b7595a4192e236c0d357f4febedf97a58d57ee20f6670f5b232cc7e88979845fece9e7df16f8dcf3491dd95e517965

      Download Submit

    • C:\Program Files\7-Zip\Uninstall.exe
      Filesize

      406KB

      MD5

      ba331419318a85062043da84e8a45770

      SHA1

      20d8eb32ad5a6a755c18ce93ff13509f3f83483e

      SHA256

      5c036045c4c7229f4feb51792175365849941c25cffb68c57f771bbb651511bf

      SHA512

      09d7f3012ab4d19de4c42fb73a260d75e2953faf7c4a4c1f63a35ad9c66bff795147a698d1bb7f76caf526fadfb1ee36f1540736358e83f1a0d4ecec9b8b20b8

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
      Filesize

      256KB

      MD5

      7da0fb3bb0aa22caeb60ed8cb5790e2e

      SHA1

      a2ac5594a871f5806345c2fb2ca6565fce529472

      SHA256

      2bc80134d990d328f91cbb5dd858ab0a7d7490b1a90b4a822a15f062a4e067d5

      SHA512

      588cf4348d2fcef6888b4200af277da64ca31ecc9f349883b8e244abedbe690248e1f03c2dd09acf324879182677876b8e4aa20c9b2c26e0969734a5d16321f2

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
      Filesize

      1.4MB

      MD5

      0e8a75e6312fd033d2f02701307694d9

      SHA1

      06f131ac0265ff8c4af853266d55033947e7f971

      SHA256

      9a91a24eb9d51dafbeaadee99729afb58078beac871a49175e4d55c4fe16d134

      SHA512

      43c8fc2deb9fa4df4d2b6471b378448694737a821d9149f672991ef516654936c1a0497cd86f03a7aeead41a23c21214219c21bbf06ef2f309425a7c0504be6d

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
      Filesize

      734KB

      MD5

      ccfe3327d1c35b9f3858e17f37e7308a

      SHA1

      bd6239bd374f35acaf9666953b9a5b50b8a6f8ee

      SHA256

      7ea5796d22f791eae018f3413273a4b312b140e6e9267bf2514dae01ca55bf1d

      SHA512

      607ecd3e342df07fa74ce88f94cfb3bbdb8f8725260dea9d250b7320f746e11fb5137540f19f57362fdc2e0c3f20f9e225e3a0b8d736c59d3740707859381333

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
      Filesize

      244KB

      MD5

      4220533cb4b3a05cfde127dcc94d9d1d

      SHA1

      f041213d49d82bf2adcdf4b450db5223e446ee58

      SHA256

      73340532952688134c07c22f17618defc3511cd5fc30152bad049c5697ca3ee7

      SHA512

      4f80344a2cf50fd57f123531d1cc05bb9226e262612dfb54760c61f9550b26d41af775b0d113e006e0a524dde8c1a49b0dc0cab9113b71efc338c08cc15290cb

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
      Filesize

      1.6MB

      MD5

      4da5c63d103dfb398d3427749dac7230

      SHA1

      9c12f7456c17bca160a90270f1e42fd195a45223

      SHA256

      edd85716eb1c1a994d6a72499c4993c4d8793517c80ef802bb99b9005b9966d0

      SHA512

      b37a8f18f2dd764497417d7f29b1e0d02595909eefd3e587c5857469b7ff78b0a38e3d4c2d6616e4f2ccb9afac3419b4d019eddd438fcbbcb703211ca4706a06

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      1.6MB

      MD5

      7e26750d8c7a2c123da48775211cf8d2

      SHA1

      763d9a0e44c36812fedf38473a289cc2955d8f1e

      SHA256

      c14d456b3b5e8204ef5831ba78c2133e129a317f2e848f1bdc403ad147d0c9c6

      SHA512

      c58ed63242ba638afa31299fc0d63a84ad6bf978a73c06f5763b1431dd5da9ec226ea6cad5a341d3d22f475263988d38592c389350f9d6f4095366cc36a08d28

      Download Submit

    • C:\Users\Admin\AppData\Local\fmklkjqk\apmppank.tmp
      Filesize

      678KB

      MD5

      d464e1169924cbe0c77959d1e8254cb6

      SHA1

      3b32bf883227a6d9d26f0e3d2e17556b5fe5cdba

      SHA256

      b7ebec7e9f9c7209c59bb8b1698b8b3e59e8ea7a511b378db03670d4c72575eb

      SHA512

      7037cd989ce8777cdb5a32fd25038099e3e9702c3eea75a5501681e657176da20908923f0b3a514f61b3e13fba92a342217bd61edccb6a55b272cdd5f1c5f4dd

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      483KB

      MD5

      1f660d4a3f562d35bc4f83d128b5a600

      SHA1

      e1cfcfbae2055576d2be058e5f61ffaee33b2bd0

      SHA256

      3295025dd63d68db15c8efd97568059fc77f2303a41751524d51360cca4a0f0b

      SHA512

      6ef8efe7f19f1f36acfe552bd2cbd8f8c1014d9f9a8f9ffdae3df1760d4dbc9cffd14d87be8fc790aab5648f7ecbf1df9f5aa48c4da40dc49e30c8b4cc799703

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.0MB

      MD5

      b88d59c48d91cc4a491b92faed92117f

      SHA1

      38670ceecb39c56b21baba61906631970aa73d2f

      SHA256

      ca63b398bc14cd1e8c72f032655b8b17041d14dc08be1902d7d6cde11cc1dce5

      SHA512

      a24a0d0d3fa3259727671b05a179570eb73bfaaa87f8982dfc7ded5bbc472a5942d9ec9c7dcb757cde4e13fb1c763849c407bb1df9a182cb1b27ca1393143453

      Download Submit

    • C:\Windows\System32\SearchIndexer.exe
      Filesize

      1.1MB

      MD5

      c5a96a6bf655646f191f632c14a4a86b

      SHA1

      42d297ebb85fd05d3c149b68529138fdf2cc510b

      SHA256

      54b733cfbb4d2b9c2da1a688d894e30984973f218cd91bc1e7d5faae5aa2cd9f

      SHA512

      809e1f837fd1a084a037aae8b5706972e6054eda60528079b63fc05302a9e6e321fc9b38f30e038f2ed88ff987acc8db16c9692de8a416028bfde59fdd7f9344

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      86KB

      MD5

      341adc7a9b77ef8c221127577b813ffe

      SHA1

      13a05c1073ebe7beaf4aff109c48ad5a55be7b59

      SHA256

      0175f4aa9d6f4c898b8a1663670829593cd83c9e134e631eebd98237b05eb7f0

      SHA512

      21c5bc9283153a59ee12482d0536d6a86516b2d2106e4c400699963acbfc1bc0ea95ac0fc6763a4e6163f859d4061970fb3f0053375b4a7155edd97fdd286d3d

      Download Submit

    • C:\Windows\System32\msdtc.exe
      Filesize

      536KB

      MD5

      9adf2627204a1e681d8c498c1e785000

      SHA1

      87dabb8e7877bbde3e5829626b3c8e2a0ed3bb47

      SHA256

      a553a55f142f85f9856f227825708c9728f910712a1a2b0a2e546c4b6b6b8432

      SHA512

      a11f3dfab839392a4bbe50762d6ae084809794edf94a88ddcefc3a264aeb1e2a9c5dc69056e7b5f45c3eb02fa3b63cdbbb9386f759067122921ba19f86a3a28a

      Download Submit

    • C:\odt\office2016setup.exe
      Filesize

      4.4MB

      MD5

      9a3b5a038f48fb20486dfe423b491b2b

      SHA1

      a823e44d42794ef529e007f3cb7db182ffdbcec7

      SHA256

      fd98d6ebe8e6a7236961879ee9eee8c37d74a08ec4a41da320c36f15cd57b013

      SHA512

      b41e4691925d2750a6831eaa05978e76104f24e81fa5c51f70ab9bb413433d675cc41cdd06998ad5601a72f3b2d78e2a70edaec343befad47c99eeb0471acfbc

      Download Submit

    • \??\c:\program files\common files\microsoft shared\source engine\ose.exe
      Filesize

      633KB

      MD5

      de69480909c7a1078a68414efa672237

      SHA1

      065eb9c9d81f04b5e45b369646ff7270ca0030e4

      SHA256

      c8bf53bc0c0e6cc7033648cb907c1576f94876cbe59fe090f5b9ac17e141759a

      SHA512

      6783d5552b291aa3119987aac91a032d4bbd1cf3600d03b5d2ab2c3d2ee9a3e730a7afb2fb13b5283cb9b225ebf242d43714312bd3cc77438e2097fb33ec496d

      Download Submit

    • \??\c:\windows\system32\Appvclient.exe
      Filesize

      1024KB

      MD5

      0b85d28c502ced13a045cb79248cb3ab

      SHA1

      397459b7dfc524c802e057f3db34ccbaf7ddc1c3

      SHA256

      ebc5ee87cd8745ebde64efbb5a3581fd5222af9c31c6b0b752eb9f6f28469779

      SHA512

      a0149f0e70db029ce3a4209118c4cea94bad80e84d2b9aa06060158b2746633bbdcd012ca07f613493ec802e7757e2da6a7d59a86737c91c1aa42be6b24df216

      Download Submit

    • memory/1344-112-0x00007FF745F30000-0x00007FF7460AE000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1344-1-0x00007FF745F30000-0x00007FF7460AE000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1344-2-0x00007FF745F30000-0x00007FF7460AE000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1920-36-0x00007FF6B4070000-0x00007FF6B4230000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1920-39-0x00007FF6B4070000-0x00007FF6B4230000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1944-236-0x000002181AF80000-0x000002181AF90000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1944-295-0x0000021820CD0000-0x0000021820CD8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1944-235-0x00007FF6EF4B0000-0x00007FF6EF6B4000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1944-252-0x000002181B1B0000-0x000002181B1C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1944-268-0x000002181F570000-0x000002181F578000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1944-340-0x00007FF6EF4B0000-0x00007FF6EF6B4000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2172-29-0x00007FF6B88C0000-0x00007FF6B89F3000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2172-139-0x00007FF6B88C0000-0x00007FF6B89F3000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2516-65-0x00007FF6DF610000-0x00007FF6DF765000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2516-58-0x00007FF6DF610000-0x00007FF6DF765000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3540-160-0x00007FF6F5F60000-0x00007FF6F60A3000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3540-72-0x00007FF6F5F60000-0x00007FF6F60A3000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3980-324-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-299-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-293-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-290-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-303-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-315-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-316-0x00000239BB6E0000-0x00000239BB6F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-317-0x00000239BB6E0000-0x00000239BB6F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-310-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-309-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-308-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-307-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-306-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-305-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-304-0x00000239BB6E0000-0x00000239BB6F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-302-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-325-0x00000239BCB30000-0x00000239BCB40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-326-0x00000239BCB30000-0x00000239BCB40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-335-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-337-0x00000239BCB30000-0x00000239BCB40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-336-0x00000239BCB30000-0x00000239BCB40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-292-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-341-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-283-0x00000239BB6E0000-0x00000239BB6F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-301-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-344-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-350-0x00000239BB6C0000-0x00000239BB6C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3980-361-0x00000239BB6E0000-0x00000239BB6F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-362-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-363-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-364-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-351-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-300-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-371-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-373-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-379-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-372-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-385-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-392-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-294-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-403-0x00000239BCB30000-0x00000239BCB40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-404-0x00000239BCB30000-0x00000239BCB40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-405-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-407-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-411-0x00000239BCB30000-0x00000239BCB40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-413-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-412-0x00000239BCB30000-0x00000239BCB40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-417-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-427-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-428-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-430-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-406-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-298-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-297-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-289-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-288-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-287-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-286-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-285-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-284-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-282-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-281-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-279-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-277-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-276-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-275-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-274-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-273-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-272-0x00000239BB6A0000-0x00000239BB6B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-431-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-442-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-280-0x00000239BB6C0000-0x00000239BB6C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3980-278-0x00000239BB6B0000-0x00000239BB6C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-465-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-458-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3980-459-0x00000239BCB50000-0x00000239BCB60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4584-17-0x00007FF7479F0000-0x00007FF747B24000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4584-37-0x00007FF7479F0000-0x00007FF747B24000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4584-123-0x00007FF7479F0000-0x00007FF747B24000-memory.dmp

      Filesize

      1.2MB

      Download