Overview

overview

10

Static

static

1

ClipPlusCo...up.msi

windows7-x64

10

ClipPlusCo...up.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-01-2024 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ClipPlusCommunitySetup.msi

  • Size

    17.1MB

  • MD5

    eb64b1dbb38961bdb4c0f4b724b1ed3d

  • SHA1

    a375bc847388cdddc6cffd57dc7f0c3d6be72cdf

  • SHA256

    cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

  • SHA512

    5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7

  • SSDEEP

    393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score
10/10
babadedacrypterloader

Malware Config

Signatures

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda
  • Babadeda Crypter 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 18 IoCs
  • Blocklisted process makes network request 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 10 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3020
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
      "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:2268
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2976
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005B8" "0000000000000550"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1672

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f762a8c.rbs
    Filesize

    12KB

    MD5

    9f2033526b94747978cf9c6a0ea06933

    SHA1

    4dc6f1980fb414b160c1ec1d935b2a8d91f82eaa

    SHA256

    b80f91226f7fb77c1de5a6c2d94beaa5c8b057187055563dc57135470d6ebb5e

    SHA512

    a10b0943167b813dc2875d63fcd03681759ffb464bf857303b061b4cdfa358a3f1f894ae5b3ebc974515d6c299e51ed61a82fd33af1a0126a9766854d551d075

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    385a621bf78a4f971ba1faa96e423b66

    SHA1

    6cd59c42e0304afe2717df02b41d3428b876b93c

    SHA256

    5586dbbae7feb1e1a18053e061e6831498671bf8756b591385b7cf6535ca63d1

    SHA512

    a3ad2d1b423f7a04e47a219da34f241b960ef53f883b9c2960e70c8a8b99c3c33d15a38566cd07ad4ad923ade98c82dcde55da7c2b037b505b321bcc7854e177

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
    Filesize

    151KB

    MD5

    6c3ecf80090412df02ce5afc9cb4b5e8

    SHA1

    a4edcadcf7dd464c14c600628390e6a876742274

    SHA256

    fd867cf466204cea9e2a701c66e55c1d4eb66355a44ac04b2309d2f02dc4c29e

    SHA512

    e017043cd27d70c1ff324f9d12a7ffcec3d39458bfa6f0bae03c165f13d400b8c62e9c5d749dcb497e343629a0076c53c274ccd346b27cef0bc5875ce8cb4dab

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
    Filesize

    170KB

    MD5

    192dc79840178d07578ccb06d6985a5f

    SHA1

    241483ec191ed70dfb8b0c9478c34eccec4fdec6

    SHA256

    b0589bd38c0eb3425d08a180f93a2d897d8ad880bf5ec527e5bc903f75230365

    SHA512

    e2b46f666c4d09db76408faa05fe3531712f318031743dcfac46ee3cab85fca6aee79f6ecdb3a69669618d09809704e4f32a77e5fab1ecf5d49040eb32d84d9e

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
    Filesize

    287KB

    MD5

    fbe35738b0eca46993247d21aa722c4d

    SHA1

    acbd4eedf03541a3c7628cd821174bac8b923497

    SHA256

    81b435b4d77fefe45d07e8a0bd6b01309a9c04e797627d314f7615d5a969bf2f

    SHA512

    3eb4db28726297c4d9635c3d1cd322fafb7df7a8e5f64a18ab53471e5784058f270996664441ddda469f9304151b18887b50c30a25d561961971a628e97fd276

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
    Filesize

    159KB

    MD5

    b99aa02150b512c5ded41a1362f841e9

    SHA1

    31760d3ae84051d9c4af3fb3d1063a8b93b8c403

    SHA256

    fb99420924947adee7d60953efdeb7b41163b84f20bb29e7f80752f4976a2a67

    SHA512

    d80f08c5ca1e2b93cc96279caa88c29e06af9e4c202def5cbf79e27f081087efaab9d3ec3f57ca81cc69d81beb7b89364754f98878e632c9a1911001c0ae6478

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
    Filesize

    357KB

    MD5

    61283c4132f173115dbb3777dd9cd1ce

    SHA1

    df2991718da0ca92661d532616f08c8e4f77ebd6

    SHA256

    332e0354610b3f26e23042570ee50cf2d3e479e42451afd1fe079373c4e95833

    SHA512

    5e7cc8d5536f1524677e1326c7346e763497208b7015b25df73a81d193b3c6d20c963966419c3fa418ee47390f411c14126cb497a63877e748c92cd12b5804a7

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
    Filesize

    199KB

    MD5

    720806691bfcf51603e2f650b9f57bad

    SHA1

    db8a95046e3a4aa9a864b5b8be783d6879a4d803

    SHA256

    09f8fdbf1071d0a19a672c7182013548ab51cb7c22ae5cc827dfb7884e8aea5e

    SHA512

    8dc91efc566e4a38ab8abfb5f3dcb5083a256fd75f9253e70b1d550b8beb92ef7611dc734fab660a11e35bdbab68b72b5c9bb33fd966997b909493bb90fbcca1

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll
    Filesize

    135KB

    MD5

    8e58fcc0672a66c827c6f90fa4b58538

    SHA1

    3e807dfd27259ae7548692a05af4fe54f8dd32ed

    SHA256

    6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

    SHA512

    0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll
    Filesize

    27KB

    MD5

    5efb2702c0b3d8eeac563372a33a6ed0

    SHA1

    c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

    SHA256

    40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

    SHA512

    8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll
    Filesize

    18KB

    MD5

    ff3d92fe7a1bf86cba27bec4523c2665

    SHA1

    c2184ec182c4c9686c732d9b27928bddac493b90

    SHA256

    9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

    SHA512

    6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll
    Filesize

    164KB

    MD5

    89e794bbd022ae1cafbf1516541d6ba5

    SHA1

    a69f496680045e5f30b636e9f17429e0b3dd653e

    SHA256

    7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

    SHA512

    16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
    Filesize

    1.3MB

    MD5

    923f48cc861e7a6c94744a984f04bdec

    SHA1

    093d98ed434a2ada3506db8fe4b4563a67907cee

    SHA256

    06c5063750a3714efacf9c7d57e084fc68ac964bdb14cc7f8560b9bfa84c4687

    SHA512

    c172daf4b775d5fd675b6dcc06f2c88300af1b578cfa47bab9f6e6b76c3d79ca8b4e88edb452b411cd7f0ffd14c924e7988a077c2fa11fac04dc4517a3efa334

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
    Filesize

    373KB

    MD5

    45814d86180e867e23abe3ebb5868fa7

    SHA1

    a6f3be89d66e8dea6f48cd8847e69c8a808a2421

    SHA256

    31e931053e5b23c34c0aec9a291a3ed38ad6c928c84fcf081c9b458e31d7d90b

    SHA512

    03560cbbd55e9a992c7497a444aca02f268742b2aa6c7c7de6281f3eaa78a8ec65cf275a83a5b728bdc4d2dd9a11b75911ec1affc3901f83dcb573c91aa13bea

    Download Submit
  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav
    Filesize

    222KB

    MD5

    db123de85e5363c3726bbd57a6b4d8df

    SHA1

    fa0b96f74e121f70332b7c812273aba908366510

    SHA256

    cdddf1a3cf384275f3ad8ef0db8a739f5077f7c38aff3fa6b5800c1e3542c9ef

    SHA512

    ef96c07b3055506846f04238c396a7f2926a0a7132d899b1f6d53c103fdbf87eff9f55ba60e8078e8573ac8978b61d4384e7574a962a591e486501d8b5e2ece9

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabCFE.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarD8D.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit
  • C:\Windows\Installer\f762a8a.msi
    Filesize

    419KB

    MD5

    7e4f27c1825b29066108fdd150a0bc27

    SHA1

    2987105ff84b72faa9708776181b0cf0757917f8

    SHA256

    54ba2445b8ee24a35fef46e5d49c90baa8f58d3470de58dfaaf8c25c79736caf

    SHA512

    041d73a8f576869a427dc20ef9a2057eac2c3044431ad2c72daca7f5832a7c753fd803d803d5f5fd48c440b48d56ae90cde0db5eab62ac4bf721167d336dba46

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
    Filesize

    215KB

    MD5

    d9fd3ab489f569b86109226970ea68a5

    SHA1

    d823d7171668354dd13828b5881e04558c820763

    SHA256

    22b18a5e46c0e9af7ab25daa27b5a25a811c45f3939397b92161ea463f571fd0

    SHA512

    807f51d74eebd94153c8af3fb64ce6254b643be8e78cd9c074a65365113fa230702287806186e7047a40962e903e4efd2e4baa1c82c82d22907f5d87c306be6b

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
    Filesize

    311KB

    MD5

    7a6c073fb55e978a5cee7c14478f8b10

    SHA1

    4d787d369f5b44f782e1c897d6562054c8df997d

    SHA256

    3739794d3a8ee38126b8a451b14159ad3aab6f11e775225c9b207ed389d4e158

    SHA512

    f421914da56aadb2630f7268fbbee48da1ee711b38b4f315210d07ce9e498d5c1c8f72a45fab3d5b8316a59f3f32054b4b3fc5bea0da7f4546a4311ea56beb81

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
    Filesize

    274KB

    MD5

    b1f62aa4be1891bd7381d19e73a501fd

    SHA1

    1311d0539be4ae2c84d4fb5e38b08d57cf231a3c

    SHA256

    213fadd5e04785ddbdd3916f5cd5764674da78870f72b1dddda582242bd83156

    SHA512

    edeb872fdefd75c6bc8e51e6cd48fa906676f437a86307983b036d0820dcf2688ee982357b12f29ad1066d3b1377c2e825710331c31fe185d403f701babf8587

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
    Filesize

    222KB

    MD5

    e6910d55dda2ac634f2df7c9606f1ccb

    SHA1

    aab2cbf57e558f674f9fd7d9258037a3d46055b3

    SHA256

    e710ed61260f58fe8b551f26756198931f8936f1590dad8eff0d555ab2b0c9b5

    SHA512

    e6658466e2283da9291bfd254f66d6eb89cc5d13d6c430be2a4d86ba9503def242e2e1e63851e3bdd9ed27be62a0ea8cf81a2a05d596982f8c2f785b9bff7faa

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
    Filesize

    248KB

    MD5

    f4f54998aaac3642edb8d9e2c75953b9

    SHA1

    c97de197fbe2e652ef3b2b455839e5adeca8052c

    SHA256

    8ddc30b37d6873d5e8ba50984d7307d797232195fa07bc8ab4bc604cb231d850

    SHA512

    19a5160a51613d95af9f4a682836919f8fb76ef78b1fd7b8eb6e1ffc1f8ca37ade95b4f06adc8ec9ece6574e9feb8ec2637af19120d8492e9c807a1953187556

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
    Filesize

    245KB

    MD5

    05e99817ac34acbed33c3782a11e828f

    SHA1

    13494724076ea1ecfdea2a36532346c3d62efb8d

    SHA256

    f63b03892f9490ff9d85fd39e48c347ab6936f05e7563a27c802c6116232ee48

    SHA512

    5cfadabee4ca3b3e33aebbaa7a210d79c90bf1fb73c8af852bc0ddc838b3ee012b5cc12a49a2ae62490c813935ae1cfc07871befa0d83f2268b2c975935417c2

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll
    Filesize

    67KB

    MD5

    d8ccb4b8235f31a3c73485fde18b0187

    SHA1

    723bd0f39b32aff806a7651ebc0cdbcea494c57e

    SHA256

    7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

    SHA512

    8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll
    Filesize

    31KB

    MD5

    a6f27196423a3d1c0caa4a0caf98893a

    SHA1

    58b97697fa349b40071df4272b4efbd1dd295595

    SHA256

    d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

    SHA512

    0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll
    Filesize

    76KB

    MD5

    5199d6173a6deb45c275ef32af377c3c

    SHA1

    e8989859b917cfa106b4519fefe4655c4325875b

    SHA256

    a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

    SHA512

    80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll
    Filesize

    75KB

    MD5

    46ede9ea58c0ac20baf444750311e3f8

    SHA1

    246c36050419602960fca4ec6d2079ea0d91f46e

    SHA256

    7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

    SHA512

    d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll
    Filesize

    141KB

    MD5

    b6022150de5aeab34849ade53a9ac397

    SHA1

    203d9458c92fc0628a84c483f17043ce468fa62f

    SHA256

    c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

    SHA512

    2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll
    Filesize

    31KB

    MD5

    d31da7583083c1370f3c6b9c15f363cc

    SHA1

    1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

    SHA256

    cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

    SHA512

    a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll
    Filesize

    21KB

    MD5

    cdfbe254cc64959fc0fc1200f41f34c0

    SHA1

    4e0919a8a5c4b23441e51965eaaa77f485584c01

    SHA256

    9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

    SHA512

    63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

    Download Submit
  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
    Filesize

    268KB

    MD5

    8edf3ce46c9f91aac4bfdf7a71e90f08

    SHA1

    cb00d7e344ed8e2942cd8723f624d3efaa0dc192

    SHA256

    52b3358e2fc1200151e664e744066dcdfa20c917a66b8afc62614425465831bf

    SHA512

    3a6bbf5d9875d25f42a48cc2624f2260b75865c08aa07f053243514e3e56e99b57f8fa82cbf13b2ed199e3bdc51c86c58d0d3e44f7ffa124e16e45741252ecfd

    Download Submit
  • memory/2268-146-0x00000000746B0000-0x00000000746E6000-memory.dmp
    Filesize

    216KB

    Download
  • memory/2268-149-0x0000000000230000-0x000000000023D000-memory.dmp
    Filesize

    52KB

    Download
  • memory/2268-136-0x0000000000230000-0x0000000000234000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2268-164-0x0000000004770000-0x00000000047FB000-memory.dmp
    Filesize

    556KB

    Download
  • memory/2268-169-0x0000000000400000-0x0000000000BAB000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/2268-171-0x0000000000DA0000-0x0000000001083000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/2268-172-0x0000000072A40000-0x0000000073763000-memory.dmp
    Filesize

    13.1MB

    Download
  • memory/2268-170-0x0000000004480000-0x0000000004481000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2268-160-0x0000000074060000-0x0000000074185000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2268-140-0x0000000074790000-0x00000000747C3000-memory.dmp
    Filesize

    204KB

    Download
  • memory/2268-175-0x0000000074060000-0x0000000074185000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2268-174-0x0000000000230000-0x0000000000235000-memory.dmp
    Filesize

    20KB

    Download
  • memory/2268-173-0x0000000000230000-0x0000000000234000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2268-141-0x0000000000230000-0x000000000023E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2268-138-0x0000000000250000-0x000000000026E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2268-137-0x00000000747D0000-0x000000007486E000-memory.dmp
    Filesize

    632KB

    Download
  • memory/2268-154-0x0000000000340000-0x0000000000341000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2268-134-0x0000000000230000-0x0000000000234000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2268-148-0x0000000074680000-0x00000000746A4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/2268-145-0x0000000000230000-0x0000000000235000-memory.dmp
    Filesize

    20KB

    Download
  • memory/2268-144-0x0000000074780000-0x000000007478E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2268-132-0x00000000748A0000-0x00000000748AE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2268-128-0x0000000074AF0000-0x0000000074B3D000-memory.dmp
    Filesize

    308KB

    Download
  • memory/2268-133-0x0000000074870000-0x0000000074898000-memory.dmp
    Filesize

    160KB

    Download
  • memory/2268-129-0x0000000000230000-0x000000000024D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/2268-125-0x0000000000DA0000-0x0000000001083000-memory.dmp
    Filesize

    2.9MB

    Download