babadeda | 561a27e811aa3a61afc77e1b4497c1d33aca7afd1adca5edbe4b5efa5bc38cd0

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-01-2024 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

814e4e665cbfbb465b3a779f790155c8.exe
Size

7.3MB
MD5

814e4e665cbfbb465b3a779f790155c8
SHA1

d4dd6edb535396bdfe4d1c21af4f9ea2a1ef3111
SHA256

561a27e811aa3a61afc77e1b4497c1d33aca7afd1adca5edbe4b5efa5bc38cd0
SHA512

0eced049e36574fcca36b09b75d59e85d1698ae2dbbf045e32205fbdb1b7bca1cc02776e0fce4f27e2fc166c8d966b2379f7ce5ab0c0aa1ebfe51df2f238eefb
SSDEEP

196608:6PGZKb8ENPo31FLd33n5D0U79EcnSPcoBXSciwxiRfDEC7:joNQFFLxGyKMGCcbsj7

Score

10^/10

babadeda crypter discovery loader upx

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral1/files/0x000400000001d23e-898.dat	family_babadeda

Executes dropped EXE 2 IoCs

pid	Process
1900	irsetup.exe
2740	cmsengine.exe

Loads dropped DLL 11 IoCs

pid	Process
1748	814e4e665cbfbb465b3a779f790155c8.exe
1748	814e4e665cbfbb465b3a779f790155c8.exe
1748	814e4e665cbfbb465b3a779f790155c8.exe
1748	814e4e665cbfbb465b3a779f790155c8.exe
1900	irsetup.exe
1900	irsetup.exe
1900	irsetup.exe
1900	irsetup.exe
1900	irsetup.exe
1900	irsetup.exe
2740	cmsengine.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b0000000149f5-3.dat	upx
behavioral1/memory/1748-5-0x00000000033F0000-0x00000000037D8000-memory.dmp	upx
behavioral1/files/0x000b0000000149f5-13.dat	upx
behavioral1/files/0x000b0000000149f5-19.dat	upx
behavioral1/memory/1900-24-0x0000000000A20000-0x0000000000E08000-memory.dmp	upx
behavioral1/files/0x000b0000000149f5-15.dat	upx
behavioral1/files/0x000b0000000149f5-11.dat	upx
behavioral1/files/0x000b0000000149f5-8.dat	upx
behavioral1/files/0x000b0000000149f5-7.dat	upx
behavioral1/files/0x000b0000000149f5-876.dat	upx
behavioral1/memory/1900-895-0x0000000000A20000-0x0000000000E08000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1900	irsetup.exe
1900	irsetup.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 1900	1748	814e4e665cbfbb465b3a779f790155c8.exe	28
PID 1748 wrote to memory of 1900	1748	814e4e665cbfbb465b3a779f790155c8.exe	28
PID 1748 wrote to memory of 1900	1748	814e4e665cbfbb465b3a779f790155c8.exe	28
PID 1748 wrote to memory of 1900	1748	814e4e665cbfbb465b3a779f790155c8.exe	28
PID 1748 wrote to memory of 1900	1748	814e4e665cbfbb465b3a779f790155c8.exe	28
PID 1748 wrote to memory of 1900	1748	814e4e665cbfbb465b3a779f790155c8.exe	28
PID 1748 wrote to memory of 1900	1748	814e4e665cbfbb465b3a779f790155c8.exe	28
PID 1900 wrote to memory of 2740	1900	irsetup.exe	29
PID 1900 wrote to memory of 2740	1900	irsetup.exe	29
PID 1900 wrote to memory of 2740	1900	irsetup.exe	29
PID 1900 wrote to memory of 2740	1900	irsetup.exe	29

C:\Users\Admin\AppData\Local\Temp\814e4e665cbfbb465b3a779f790155c8.exe
"C:\Users\Admin\AppData\Local\Temp\814e4e665cbfbb465b3a779f790155c8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1798690 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\814e4e665cbfbb465b3a779f790155c8.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-3627615824-4061627003-3019543961-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Users\Admin\AppData\Roaming\LittleCMS engine\cmsengine.exe
    "C:\Users\Admin\AppData\Roaming\LittleCMS engine\cmsengine.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\152136276158

Filesize
62KB

MD5
1121132c578b5abc02bd69411a370adf

SHA1
f42fe7952a4cbc5db0976758a1de3edf1ce21522

SHA256
4d2407322218288208b424b1c6dcec5a6a1402d30db47a639a67cac48a8bb24b

SHA512
c9726068aac1effbaa0f2be459bba7d645f80836e670268545a85df3fdefb22d2d8c0746baf8e40d430d0985aa3e8bae7dd2b7a46e949fee4586c9754ec3c98c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
172KB

MD5
ab9403b2c0ec1278bcb2013ff1b8e62d

SHA1
b40909058fc1159edb86ac00c403ca6c6e1a65f6

SHA256
7b765f5880731603ef01ba905a890028a801b3d472125818298d5a7e37fef963

SHA512
c3ea17536a5abd6d59653b48df5079302a9c34e32bc8868532ceb714b2f5b5a22de078238c5cd646c420399f7ed441ef91aaa0a84e66fee60a2604259b651190

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
166KB

MD5
757c557f8630a4ee34bd77cfff505d8f

SHA1
2997a7d8ba681f3ac54a76ac723d07152e24d522

SHA256
d6751a533fa4932a94e2c39149c3f8caae1bbc3f6d6e977b342d46fbbe1fa3b6

SHA512
9680ae1674223808160dfec375dfb5ac438e1acd689c8f6b4752000312a01a2ed09e4e2e374830350b4117b4c6307527ea81fc2811aae757e32aa2d6624001bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
127KB

MD5
175e25dc755bb5c8b2dc27b47fd16df5

SHA1
18578e86807f43370e49338bb44b027e93f37eb9

SHA256
6f163bd10877d844eaf698b68e024b0bd1a2742ed4d3aa335dbce82807b2051c

SHA512
8bc2d35747b006573a9445d702599bf080394684790cbbaa3dc21447893e915b1306351767f67053c8f8581ab20ce2eb657cba3f7080e83ff2976ea5ee71b07b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
127KB

MD5
f1913cc4d38fd3f764ae673e6893affe

SHA1
71cf102f02941a9d2b6338cc77acd96d82fd0e86

SHA256
f61dbfb1670bc6c1fc82ed8b3e46c3bc2c26010fe1e7b29e3927efeb132a6440

SHA512
ca31dfdbf9bbc44c10e072cdfc2b1eb632b145cab6651a5be40402b0bea38607c45577d12095a926b23c7e46796b071e5f41e2caf8d5ae0f937c77c30edb8661

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\Uninstall\uninstall.xml

Filesize
79KB

MD5
5b27b87227d4a9ef10a3257c817121da

SHA1
efd20d8a5e5b351d59da53bb3d456da6527fa16b

SHA256
6177d775028d5af64d20eff912df958691de980aa874efd7060616ac04b0cce8

SHA512
66d7f5c730f45062038a7e5aa158aa606c5f1ea67b02e56c2ac7128fadd120f4abbe18b0c5e91cddcf07f9b6605a26b6e791c5a4841e0b2424bcc82f12fb7bb9

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\Uninstall\uninstall.xml

Filesize
79KB

MD5
03a258bd2b97e3267b725fc4d6144699

SHA1
c5193cd0dfadb615fd88ce98b69df2151d24c685

SHA256
b7503474bb17cf8fa6ddb62bc353371fd134b6302a9235abc924c0cd6ae97ec2

SHA512
b2b0eeb9e2c6291e2a6053bbd1baa8ae654dfe9c0e5091a13dfe668c068c20dd547697edfb37ab20ac39e166afa771d3ab38cce3063994f8e3510048e6b3b7f8

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\cmsengine.exe

Filesize
180KB

MD5
998be31f33476eb7ff7360549082b289

SHA1
ead49881c5c1de74953af970879565210718c916

SHA256
f6dea6168fe93e85b5c83c08793514f83e1c9993e25bf1869b5d3eb676b09f87

SHA512
ed6c9e8e1f975bcb59b541c0cf33741f21bae3b84b20ab19d4fa10539c537e44ece3336bb1f6e60fc82f3b6c9370fb3df25ddecbe54356d80bef0d7a1dec9077

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\cmsengine.exe

Filesize
99KB

MD5
ee24a8927ebab0fb30fd1b7ea8547fe3

SHA1
3eb72025b5dc520c8b36675c34854a2b95306467

SHA256
a510dfe592fe5223a3688357bc0765a1b1c1c99f461eb8570ea8074a20444428

SHA512
3c2bb2b3b21708f6866b0dd836be22045b6a2ac37192f6205767633c221102d899596a03badc8c8ad55c76e959d5cf187780c796fce8be9563a0e80e8b34c156

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\libintl-8.dll

Filesize
95KB

MD5
32c06baf2d022359601c251309dd3549

SHA1
df56fb7030e82ec7929b6a88772d4726338d0ae4

SHA256
5e69ee1e26b6e3e4b5b6e2f3941dfc88d6d827d4145e97d85306b4360d043768

SHA512
86bbe76a0d78a9edf0c476c7f6d3aac93d577748aae5f481c89977a143ea46fd458c24959e87b3a72b83c95300b17c693fd06a3c139f24f26e3255ead7c50187

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\res\public\en\html\startpage_banner.html

Filesize
490B

MD5
5d1f7da1c3d95020a0708118145364d0

SHA1
02f630e7ac8b8d400af219bd8811aa3a22f7186e

SHA256
d2d828c2c459b72ee378db6c5ac295315b8a783b7049032f92ed4fcb2a89684a

SHA512
6bbdaaef1478ffd9e9d3a95d300f35b9ac6f3ce6564e80734445a827ad8761233db36c679fac117f363bae27918983520f0e2f408205d3549b001fc4ae4c920c

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\res\public\en\html\startpage_connect_to_data_no_mru.html

Filesize
1KB

MD5
20bbd307866f19a5af3ae9ebd5104018

SHA1
8e03c9b18b9d27e9292ee154b773553493df1157

SHA256
e4fe51c170e02a01f30a4db8b458fb9b8dee13a7740f17765ba4873fac62c5f7

SHA512
420a132ad4ba3a67f5b66a3e463c4fa495b7941d58d6d669a8c984380607a03f0afa1c92bcf1f8d1fc5d93838ea611f7f9cf439bb3ada0142431b119ddfad40d

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\res\public\en\html\startpage_connect_to_data_with_mru.html

Filesize
1KB

MD5
e6bc0d078616dd5d5f72d46ab2216e89

SHA1
f70534bb999bcb8f1db0cf25a7279757e794499f

SHA256
e8f50f17c994f394239350951a40c3454e9b52b0ca95cf342f2577828f390a54

SHA512
6ccd6e19ec63f20c86a28ccaffa609a2d0de7991a8eb2d6ea016bcc5d0e9f2fc28c33a15c4af891f28a9e1e4131f38f84f8e1a8859e020d6f267977075f7c66a

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\res\public\en\html\startpage_landing.html

Filesize
720B

MD5
0a5b47256c14570b80ef77ecfd2129b7

SHA1
69210a7429c991909c70b6b6b75fe4bc606048ae

SHA256
1934657d800997dedba9f4753150f7d8f96dd5903a9c47ed6885aabf563bf73d

SHA512
5ca22260d26ec5bb1d65c4af3e2f05356d7b144836790ac656bf8c1687dd5c7d67a8a46c7bde374ec9e59a1bedc0298a4609f229d997409a0cc5453ef102ecb2

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\res\public\en\html\startpage_topstrip_no_mru.html

Filesize
659B

MD5
eced86c9d5b8952ac5fb817c3ce2b8ba

SHA1
3ca24e69df7a4b81f799527a97282799fcd3f1e2

SHA256
3988afa43d3c716ecbe4e261ff13c32fe67baaaf1718eac790040cff2aa4e44d

SHA512
a21e88968c30f14363a73dfd7801cea34255acb968160fad59d813bb64352583c8c4f6cd9d45811676ca5ca90a4250601a53e80b6f41d6727465f3a57e7423a1

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\res\public\en\html\startpage_topstrip_with_mru.html

Filesize
798B

MD5
cc4d8a787ab1950c4e3aac5751c9fcde

SHA1
d026a156723a52c34927b5a951a2bb7d23aa2c45

SHA256
13683e06e737e83ca94505b1cd1cd70f4f8b2cc5e7560f121a6e02ed1a06e7ee

SHA512
e0b01f5ee4da60e35a4eb94490bed815aea00382f3b9822b7c29294cf86a2fe480dba704f086a38f9d7aaf39e8160f49cf806b6b6c44651de56e290249dd9ebe

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\res\public\en\stylesheets\start_page.css

Filesize
2KB

MD5
f2ab3e5fb61293ae8656413dbb6e5dc3

SHA1
53b3c3c4b57c3d5e2d9a36272b27786cd60f0eb5

SHA256
06db4d53adf4a1ecbc03ed9962af7f46fd3a54668d45907dc1737125e38ec192

SHA512
2c31cad868e1e5149a4308a149104ac3d88907894699fb0413860c8f578de32f6814b08d518de7a7fe3782f0cea173cb1766da7c25f2bcdddaffae7bc0da927c

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\res\public\en\stylesheets\start_page_landing.css

Filesize
282B

MD5
49617add7303a8fbd24e1ad16ba715d8

SHA1
31772218ccf51fe5955625346c12e00c0f2e539a

SHA256
b3a99eea19c469dab3b727d1324ed87d10999133d3268ed0fadd5a5c8d182907

SHA512
9d1198ca13a0c1f745b01aabc23b60b8e0df4f12d7fdf17e87e750f021fc3800ea808af6c875848b3850061070dfd54c2e34d92cea4e8a2bf4736fbcfd129d1e

Download Submit
C:\Users\Admin\AppData\Roaming\LittleCMS engine\ui.xml

Filesize
139KB

MD5
9fe531a860b574477cb03eb6f878ca7a

SHA1
a22c81b16c7b73afb437eeafb753bb3275ee36c6

SHA256
7ac20cce461f268a3fa4e9d371b67a33544297f33a5355d7b6f09edc7de6cfa3

SHA512
9684355d8e304dac985f3eebb847cdf26a8b0a8f56ac8bdabafc95b998196a07dfd3f353fc7ee72598c4aff6c45c5bf700d898d7cf057b9a9deef904b75bd50b

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
117KB

MD5
9c60c4a7dfa9c4fc989463e56f680d31

SHA1
df949fc3f627c655c8246138c88ed1e889a01090

SHA256
08cf8bb49dc97d9f33fa6886ae2fb07b2751ab7ce23a0fc502d00f2e50e50b39

SHA512
90a8abf1bb313608e4de60b88e81871450b2343cb1b1cc0bcfe2e6e251b705c923ce1874626f38cc8e86496ffd40a43c9644cdf8158722a001d545687c4d9f6d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
177KB

MD5
6fa58e7f3b194515d234924e282abf2a

SHA1
e67c619543b4f1fbca22adf8a56883c1cb43404e

SHA256
97400e652a52299fa3f39d023718d0d0b72b89aba0c2d6e3259068ce477215f9

SHA512
64a74034fae5ac5810fc0cbb99a2cc8c158c1cea6a8abac6d654ac33281b958025df1368947cfb6840fc7c82f941f2a8f63d33934698024d15d3f8d6761f9fbc

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
748KB

MD5
fa569798a54777090a825a8e72a5deee

SHA1
622728b0348957599cfeecca337337383faedb9e

SHA256
0cab8ecdfa3d3d88c19fcb950480bb6b5083ef6bca8426b519cc081e9c25b800

SHA512
2d8433f565108297116921e5c5a6f95c416bfccf8ffd510edd77cf33692bc9f8301db19802427273a41554aec6b0fa7f12124a93ce3257a8a07689edb2ed50d3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
181KB

MD5
290c875260fcb4da9207029d1f6c559e

SHA1
5a94f8bf3e943e3471b475960c67bf505ad75c83

SHA256
54e972b8a5d07098b72d66485d08434603452063aa2b324427a338dc15c53782

SHA512
3c628a89ad049cc67d1ca958acddfc60ed8cf0171f5dd5e60fe6faaffd4b0e97beec66a72c9fe88a114b1ee45ff001ca465e34a2e084da6ef5e6b87b463f43b3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
181KB

MD5
f3d83f57b9783848508e7276f7b0e1b3

SHA1
08798762497d8f01b1fb066121920eb71497d766

SHA256
880bacd0acb602a064e87a9583e54d99959c287ce153d2becc1eb31b09ebb95f

SHA512
7f7b572e61b9c6142a80cb08331c99d9596ab1276c8bfac29497c46bda880b92ff9d4421e931c3b195a9243b01f5b6bc533284ef0b98e91d678115cdf4d1dc54

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
100KB

MD5
9eee30f75fd7318dde87d713d5db2146

SHA1
09f8c234a99067a6c48bd2122c9c4b7048b3f3bc

SHA256
f7ef7c15519e942ee061a82597af22f07e31ff03e9a22fe33df47f4d216b1fdf

SHA512
14b382b76e2f588b79b3530bca1afedfed801648e2e37c0ba54b15bfc985fd1892226af35bb88e0b406b4c783affcc44987d35d866f5147af66b33fc92f898d8

Download Submit
\Users\Admin\AppData\Roaming\LittleCMS engine\cmsengine.exe

Filesize
172KB

MD5
a878b5061bc563270d6b03ac071d16b3

SHA1
e4aeb7d07868bb4bd742e9dd6d3058c5cc096e28

SHA256
d3463e31fcfaeeee93a0872b5c2cea6c7eabbd03f77352be2566bde2281ceed8

SHA512
ac7f3addf64e57db50b1534310776549bc8771785be1d350fdff3830db663183bb71cc9aedbda60c11e05c7c4ef2988ce8690a60849ddabff2dae936c110e88c

Download Submit
\Users\Admin\AppData\Roaming\LittleCMS engine\cmsengine.exe

Filesize
168KB

MD5
bda27d2abc2edd1cc566836913230749

SHA1
800d02b4d5f4346a0779a1cea9642a95e307b1a8

SHA256
afed90ca13983ce44b585488647442029ae12d226243d31eb54d567efe07fde6

SHA512
f85d689af9a66e99d7a071d49251a134e1601ec836d1ad63c56cc4ce780d7bb09ad8fd7bbc753fa5e8b1b28dc7b841d9318b74db73313cc92a633693d2dedcb5

Download Submit
\Users\Admin\AppData\Roaming\LittleCMS engine\cmsengine.exe

Filesize
74KB

MD5
c398f1802d4c49d31f7821e6d93d10ea

SHA1
9acc471a8a790e58dd719748af61ab7cf96a395e

SHA256
9b2d1ad723c19c04bfb9f06e837f0315e3582a0c64ab48316c741d0b779902da

SHA512
001ee66014f305d227fbdadfe423ef1fb7d2fa0aec0d5f3249cfb23baf18c0f2b265c392e8b61e4a64e32da5c9b1376356c46be532496d4d2e9cb0eaa8810b58

Download Submit
\Users\Admin\AppData\Roaming\LittleCMS engine\cmsengine.exe

Filesize
123KB

MD5
b7058640318ebc795fe49a1b00100d8f

SHA1
d64a03d380b6c44b4e83bcf2f0203bb0522ee090

SHA256
f9db09b2368744df33f4b6ea39c040af042e9c92d06712a9f3329b985ba80bee

SHA512
7a98d5171c0e74fe22f9301b79579ac909e0be9f26b6978204146b0be19f32e71ed6628988c63632d79a24617a1331b6bdf17d06f6d36f47cf3fd00ce82723bb

Download Submit
\Users\Admin\AppData\Roaming\LittleCMS engine\libintl-8.dll

Filesize
166KB

MD5
11efa59c264a2d3425cb1a83ec7cac79

SHA1
e7e6f287822489f827ea21c9bd61b676d7a8df55

SHA256
3bb0641fde93004a58127caed2fb414a1f5edb62e11751fa2b21620a057edf87

SHA512
7c8eddbcae3b6523a1d70592d7d8a859f5e2336cd587ecd4287678da95da1f7da5404763d422082e42fee45124fd7a768840ccc51dd613c416b271e4638fc5c3

Download Submit
memory/1748-20-0x00000000033F0000-0x00000000037D8000-memory.dmp

Filesize
3.9MB

Download
memory/1748-18-0x00000000033F0000-0x00000000037D8000-memory.dmp

Filesize
3.9MB

Download
memory/1748-5-0x00000000033F0000-0x00000000037D8000-memory.dmp

Filesize
3.9MB

Download
memory/1900-896-0x00000000050B0000-0x00000000058E0000-memory.dmp

Filesize
8.2MB

Download
memory/1900-895-0x0000000000A20000-0x0000000000E08000-memory.dmp

Filesize
3.9MB

Download
memory/1900-877-0x00000000005F0000-0x0000000000600000-memory.dmp

Filesize
64KB

Download
memory/1900-24-0x0000000000A20000-0x0000000000E08000-memory.dmp

Filesize
3.9MB

Download
memory/2740-899-0x0000000000B00000-0x0000000001330000-memory.dmp

Filesize
8.2MB

Download