Overview

overview

10

Static

static

1

ClipPlusCo...up.msi

windows7-x64

10

ClipPlusCo...up.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-01-2024 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ClipPlusCommunitySetup.msi

  • Size

    17.1MB

  • MD5

    eb64b1dbb38961bdb4c0f4b724b1ed3d

  • SHA1

    a375bc847388cdddc6cffd57dc7f0c3d6be72cdf

  • SHA256

    cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

  • SHA512

    5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7

  • SSDEEP

    393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score
10/10
babadedacrypterloader

Malware Config

Signatures

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda
  • Babadeda Crypter 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 18 IoCs
  • Blocklisted process makes network request 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 10 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1632
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
      "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1308
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1744
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005B4" "00000000000004D0"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f7685f4.rbs
    Filesize

    12KB

    MD5

    ccf54cbc53c3087404ebccde9da6c934

    SHA1

    88bcd22275709e294484302c931791d04855c130

    SHA256

    436f59d853efa7913fff4ab70144a3c2809cc339ec5f69e6986695ae6cb9f7e6

    SHA512

    479618492c4dcf230fdff55edc5f639bdec9be704f96e515be0333778bfd68d71b5549e6e49039824e451f82a8555cc257e701e47de1e223ece17cc58367bab5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d173bad652c1db5a81b650ca07694be6

    SHA1

    f62486722edf2b1bab864249413c4c7c20f6584b

    SHA256

    008b74c86acbf8652d851b8d01e61073c2d62b0da80b4d15f0257bebbd878195

    SHA512

    9cfd5caf425fdb55d3f08a0f93453ac2ebe1a694ace8f77b0840126c0b7e02502d71d4e058adbfb47fe401f59f6b5154ee7bc5f71153c157128675927580f02f

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
    Filesize

    8.9MB

    MD5

    99fbe9ddea23ab0fd334e673cb9cd158

    SHA1

    1b653336b60b34575ad97c87abdeac3b18b29a20

    SHA256

    4d3d881d9bf26c61d2dbb63e1c88aee257e8b98491b2b7b1fefac633ce66656b

    SHA512

    6491976c59261b8faa7afef899a7319c93fc1601ce9ab041e14a161535894219516b93db6260327bbfde928c4ae55111dcdb1e0f50afba646232ea1865d9c200

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
    Filesize

    5.6MB

    MD5

    d3959c4f4d0f0fedb093005df77bd0cc

    SHA1

    f1455721c723b23f3037de321ed5e393b0eb39f9

    SHA256

    04e59336c59fcddb8fa398bad048da575fe57c705a4b4b2bbbad5f4a5eef670a

    SHA512

    73c94833cf7b72b58d7acc5e8ee8dc48618bd7fd86a7a0704ad2b4ee0e308c4627b1e8d3dd18eddb5d983f2a79028cc2f43ff510b1bbe7c3e0ec2d1eb12d7028

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
    Filesize

    4.0MB

    MD5

    b15d6f76dd1767ed3d4a7481d5dfda44

    SHA1

    603743b2550bcaa7b372a5202317a07cce787535

    SHA256

    e4d58e0eafba782145f5a9b8bc1c54bf121d697822d629afd0cdca44fa2fa5af

    SHA512

    29055216c30d6ea753a3bd373527657162e3c8d86398aa0748697a9ceebeade100978c655d24fdf053bdad39f86916391efebad829892ea69f8b4e8f1169dbe9

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
    Filesize

    2.7MB

    MD5

    13142bb6f925a719b4b72e7bd4cfc14a

    SHA1

    a77f5ee0bf6eb2b3ef380b15cf3e0f2ff3b689da

    SHA256

    057b57a6f08e1334de783dfda243373aa7f58f81d00f4ffd05b9569c1fcca471

    SHA512

    939d2f0adc9c26395f89f1ffb1511bffbc79242817f91eb41e0965233e875b603a9133eaccef592f23f334c3243a27c3d5650c57848bab65c20927cf29ea318b

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
    Filesize

    1.1MB

    MD5

    658276a6bf6c17511f54254d56cd9022

    SHA1

    b9af3a23d41aa2bc2bf1f269e0deb8749896c584

    SHA256

    19b5b1a7be78f20a509b6283d89498f038a74337b803369cb37077e1ebb5fa2a

    SHA512

    4de906a5637512b40f91d49c798d2c2cea429077b53a7ed6e8eceaa6f0a1f56dbea1085c1a5afeeb689fd0c049d9041064c3d262a43b513f2288967292222fae

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
    Filesize

    2.4MB

    MD5

    999573e1a0eb3515f9fb97cfe5a6e717

    SHA1

    cc82f53967f0543585c5eccdb8e64921f207c9fa

    SHA256

    43d5b85f4056ad7045968a8bafbb771179936dfa33009efc15f31ec2a903272d

    SHA512

    e0ce04518745f55f436338e9569fe1ced2ff6d99029be35a2fc737668f1c77988495e21199e12b2fb7858ed6781c4048982bf749c844df09b2fea92142e78522

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav
    Filesize

    1.8MB

    MD5

    3978c2550c1e450c0b817854b69b3b82

    SHA1

    e0db6cb3d7182d16374db7fe6ce15ae7db3346db

    SHA256

    05a61eb335bf99882924caa6bff364811fda63efb3b76d23665e09b50835f1f6

    SHA512

    164e3c8922fd8fe2b8be0313e89c17840130946c1d73c7ebf3c7267f944b1a0cbe1517baa0f0e9daf0cf5f802caab6a231c9c412ebcb3111da8fa7f540622a08

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3E88.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3F08.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Windows\Installer\f7685f2.msi
    Filesize

    16.7MB

    MD5

    83443452ef49557ddd12f1aec9d439da

    SHA1

    2222cf9f5e3054ea9002ad9ecc2850e935ebb73c

    SHA256

    3383f7b916386e052bd03d505274bd5b9b9008bca762ab81b56fc3fae8a5dca0

    SHA512

    271437d050e14985d97268a2ff524cf02178da90a69a55a5c09076c1be6cf82018b07b5f0bfd4915e50d965f371546f03c0a14423c3834f4b6fc85b0288ed38d

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
    Filesize

    6.1MB

    MD5

    ff34265e805e9be624940d27adca4e56

    SHA1

    0854d549048e6a7a95000f3ca9aeb900a3488148

    SHA256

    680286ff3533063355288493479aff89c662a16d59c1075cb7960ee833ea8b6c

    SHA512

    f3f86b897bac5dc62ad74c4419191282408664d169da0e28390c4510280d7d483f33f612280b9f442e1f05269e41a9ca562268bd5a0f4e5bba25c935a9934b81

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
    Filesize

    379KB

    MD5

    e98f595caa5ee23e8a3e46d83211da9d

    SHA1

    a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

    SHA256

    df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

    SHA512

    e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
    Filesize

    5.7MB

    MD5

    33082bf128b1700be41bbc0377520abb

    SHA1

    b8aa3500d08ed31cdb13313311496e6e706967f3

    SHA256

    f5914cf345f20177203e72987eca4a442ddd50934eb6273aa433c177e9640a41

    SHA512

    f513af6cdc480a4e0963976618ffa95763960311e257478fcb06b0210ab12704e53d5bccdf1d9331481acc10b819661c5c36df62d69610aa206678da302a5251

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
    Filesize

    3.4MB

    MD5

    3501ec4d97cc74999d476aa382f4378d

    SHA1

    4592c9ab17cb014325432e82b26805922bf690a3

    SHA256

    b0e7b944b4d2e0f7ae09343865bdec6761a359b764b90d2b305b7b9d023cf145

    SHA512

    191beddd445c7c1d04021c97e8689bb3d35a7e845e1db1913e9fa3a23c2262e3680b1daf835f89f3f10ecb8c7448567a7f9228d641eb69e8e67160d4b7aeb086

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll
    Filesize

    135KB

    MD5

    8e58fcc0672a66c827c6f90fa4b58538

    SHA1

    3e807dfd27259ae7548692a05af4fe54f8dd32ed

    SHA256

    6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

    SHA512

    0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll
    Filesize

    67KB

    MD5

    d8ccb4b8235f31a3c73485fde18b0187

    SHA1

    723bd0f39b32aff806a7651ebc0cdbcea494c57e

    SHA256

    7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

    SHA512

    8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll
    Filesize

    27KB

    MD5

    5efb2702c0b3d8eeac563372a33a6ed0

    SHA1

    c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

    SHA256

    40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

    SHA512

    8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll
    Filesize

    18KB

    MD5

    ff3d92fe7a1bf86cba27bec4523c2665

    SHA1

    c2184ec182c4c9686c732d9b27928bddac493b90

    SHA256

    9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

    SHA512

    6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll
    Filesize

    31KB

    MD5

    a6f27196423a3d1c0caa4a0caf98893a

    SHA1

    58b97697fa349b40071df4272b4efbd1dd295595

    SHA256

    d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

    SHA512

    0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll
    Filesize

    76KB

    MD5

    5199d6173a6deb45c275ef32af377c3c

    SHA1

    e8989859b917cfa106b4519fefe4655c4325875b

    SHA256

    a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

    SHA512

    80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll
    Filesize

    75KB

    MD5

    46ede9ea58c0ac20baf444750311e3f8

    SHA1

    246c36050419602960fca4ec6d2079ea0d91f46e

    SHA256

    7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

    SHA512

    d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll
    Filesize

    164KB

    MD5

    89e794bbd022ae1cafbf1516541d6ba5

    SHA1

    a69f496680045e5f30b636e9f17429e0b3dd653e

    SHA256

    7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

    SHA512

    16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll
    Filesize

    141KB

    MD5

    b6022150de5aeab34849ade53a9ac397

    SHA1

    203d9458c92fc0628a84c483f17043ce468fa62f

    SHA256

    c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

    SHA512

    2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll
    Filesize

    31KB

    MD5

    d31da7583083c1370f3c6b9c15f363cc

    SHA1

    1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

    SHA256

    cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

    SHA512

    a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll
    Filesize

    21KB

    MD5

    cdfbe254cc64959fc0fc1200f41f34c0

    SHA1

    4e0919a8a5c4b23441e51965eaaa77f485584c01

    SHA256

    9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

    SHA512

    63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
    Filesize

    1.2MB

    MD5

    eeb2c9f79926c1074703c378fb27215c

    SHA1

    df632ea453d0986aebb5961a7874c25426e5885b

    SHA256

    ba71994c06091dfdc0f1c51eda9e41be888224d165fc0d62d7d882384569600c

    SHA512

    0ffb563a20b1bf6659ae78d79fe28379e9560c91e4a258dd12046c4659aaf30772b1dcbd426466fee513f42711bc55c70f3f8c8f9ebfc533173b5e9cc3b80406

    Download Submit

  • memory/1308-143-0x00000000751A0000-0x00000000751AE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1308-159-0x0000000074AC0000-0x0000000074BE5000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-144-0x0000000000230000-0x0000000000235000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1308-146-0x00000000750D0000-0x0000000075106000-memory.dmp

    Filesize

    216KB

    Download

  • memory/1308-149-0x00000000750A0000-0x00000000750C4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1308-148-0x0000000000250000-0x0000000000267000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1308-145-0x0000000000230000-0x0000000000235000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1308-150-0x0000000000230000-0x000000000023D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1308-125-0x0000000000E20000-0x0000000001103000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1308-140-0x0000000000230000-0x000000000023E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1308-139-0x00000000751B0000-0x00000000751E3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/1308-137-0x0000000000250000-0x000000000026E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1308-136-0x00000000751F0000-0x000000007528E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/1308-128-0x0000000075510000-0x000000007555D000-memory.dmp

    Filesize

    308KB

    Download

  • memory/1308-134-0x0000000000230000-0x0000000000234000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1308-133-0x0000000075290000-0x00000000752B8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1308-132-0x00000000752C0000-0x00000000752CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1308-130-0x0000000000230000-0x000000000024D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1308-160-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1308-165-0x00000000043A0000-0x000000000442B000-memory.dmp

    Filesize

    556KB

    Download

  • memory/1308-170-0x0000000004000000-0x0000000004001000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1308-171-0x0000000000400000-0x0000000000BAB000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1308-172-0x0000000000E20000-0x0000000001103000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1308-173-0x0000000073460000-0x0000000074183000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/1308-175-0x0000000000230000-0x0000000000234000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1308-174-0x0000000000230000-0x000000000023D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1308-176-0x0000000000230000-0x0000000000235000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1308-177-0x0000000074AC0000-0x0000000074BE5000-memory.dmp

    Filesize

    1.1MB

    Download