Overview

overview

10

Static

static

1

ClipPlusCo...ns.msi

windows7-x64

10

ClipPlusCo...ns.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-01-2024 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ClipPlusCommunitySetup_ns.msi

  • Size

    17.1MB

  • MD5

    b82ada91e8742234257d9cad38deebfe

  • SHA1

    d1278efa9729f955de1dbfcfe53550e67212ff9b

  • SHA256

    3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834

  • SHA512

    676d29697382b1375c7da26fcd6af20a7c5fb9f0f506c951c7280c7da12778d40fcfb1ef50653628123edf6cba8308d43a4945489a5f6b58e67dcc61d6fd373b

  • SSDEEP

    393216:bnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vhp:wbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIn/

Score
10/10
babadedacrypterloader

Malware Config

Signatures

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda
  • Babadeda Crypter 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 23 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 10 IoCs
  • Program crash 1 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2168
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
      "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:832
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 524
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2324
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2724
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003D0" "00000000000004F8"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f76f411.rbs
    Filesize

    12KB

    MD5

    edbf91ba7993e36a4f581ef68933fa2f

    SHA1

    c7df128ce81bd0d13b80ee6b8f33b37d0450899a

    SHA256

    aed7d665ce7471cfa5ca416bcefcf07a89646a68f5bc00a8a386c6690300c4ae

    SHA512

    9c0cbebfd50060890d1488dc8abc0f1150a366f79745546f94dfb4aae7c6252fcee369ca6dbf5d71370984d58f7107a2d38c31f2b0e37768e398dc975775179a

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
    Filesize

    3.7MB

    MD5

    302a3c1cbf977d75451912013b8f74fa

    SHA1

    be944ce782382caf13dc4beab721ec83aa6da5d7

    SHA256

    eff1d8a3514b14efa072cc053f5583229aef6762d424bb8e2e8b2d26547da819

    SHA512

    97a7144ae20547816e370dd86626571fd25fa361e007f638c1fd3d3354a56c7a6390b3461df906ce43247e02a628001f5711037005881b1bb6d2c6a0d29b1ad2

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
    Filesize

    379KB

    MD5

    e98f595caa5ee23e8a3e46d83211da9d

    SHA1

    a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

    SHA256

    df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

    SHA512

    e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
    Filesize

    5.2MB

    MD5

    c781b4f50b34ee43a37fe063696fca64

    SHA1

    fbdcf0d95a61cc3e23dba70fde3ec7d2e006e84e

    SHA256

    22673216f66f7d43c9c2124d4cd646a09b9c08013387772788480bb733a1352a

    SHA512

    ce8ac7b92187483513c54ab69a5811266e2731dbf07ae67f52fb8d956de3beccc7897689f485582ebf27b4d6115e3e0af9d76db0c58d1a475bb95163eb086e8f

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
    Filesize

    2.7MB

    MD5

    8d8fabe49a12f4a9abe75fc6c9215a96

    SHA1

    a87b9911066285e18a90ef1587d5d499b82b0cf2

    SHA256

    32b8d82cdb19aef179620ac0b1cb2c16ca97911216530537a495f7b7f7c43c81

    SHA512

    466ebbe8880530e14a6b2ef59727767419a26226deb44d98a6ca12ed0db77409e0bffbbc93595b3315a3e6cad6f8a3dc9380ff240e4d7e5c2a24045db49a336f

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
    Filesize

    1.5MB

    MD5

    70d69f6e9a22dcb80864984a86616fd6

    SHA1

    e5349d27624530afa7f5d5deebefaedb540d90cc

    SHA256

    f334ed846d67d2e7acf8d60ebaebb4beeee5dffc14dc46a74bddf69eddcfe9f5

    SHA512

    a476cad70852c2ed005208e1794f5f2a023f3c4f0f9d4c3fd35dcdbcb3b98981227d2bf9c4926543653d52e906d624cf23ea7bc400d6e77f6346ee968df3f121

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll
    Filesize

    27KB

    MD5

    5efb2702c0b3d8eeac563372a33a6ed0

    SHA1

    c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

    SHA256

    40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

    SHA512

    8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
    Filesize

    5.1MB

    MD5

    91ef5bdd24d7a2b9e854e159c38aafde

    SHA1

    42436dce02c2ecd9a7b1d87815ec7f901d8a5e68

    SHA256

    2e7b7f2953bc4be906025c502b8107a89e0592d202a79b072421b0ad4dd73982

    SHA512

    1b11249c1f10b638016a0165d66e91cf2a4e7879cf88ea4d4bc096b685ce3382b56d7ba681c3d41b0e4e08fce672db2dc542d53b843f645e3cb90a00639acab8

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
    Filesize

    1.2MB

    MD5

    eeb2c9f79926c1074703c378fb27215c

    SHA1

    df632ea453d0986aebb5961a7874c25426e5885b

    SHA256

    ba71994c06091dfdc0f1c51eda9e41be888224d165fc0d62d7d882384569600c

    SHA512

    0ffb563a20b1bf6659ae78d79fe28379e9560c91e4a258dd12046c4659aaf30772b1dcbd426466fee513f42711bc55c70f3f8c8f9ebfc533173b5e9cc3b80406

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav
    Filesize

    1.8MB

    MD5

    3978c2550c1e450c0b817854b69b3b82

    SHA1

    e0db6cb3d7182d16374db7fe6ce15ae7db3346db

    SHA256

    05a61eb335bf99882924caa6bff364811fda63efb3b76d23665e09b50835f1f6

    SHA512

    164e3c8922fd8fe2b8be0313e89c17840130946c1d73c7ebf3c7267f944b1a0cbe1517baa0f0e9daf0cf5f802caab6a231c9c412ebcb3111da8fa7f540622a08

    Download Submit

  • C:\Windows\Installer\f76f40f.msi
    Filesize

    4.9MB

    MD5

    c4db01b280dce9dcfd3f2fca22392f21

    SHA1

    3e6fd7bfb34232f052dcbe0fd3b0b9b302475843

    SHA256

    1f92488d68c9cee5119c13911f51301a0dfcfb960b6c3d1d1664a3bd57cdd7e7

    SHA512

    15bea61d0fa7165d706fd3a03522f52655070cfcddde547823a41c69ad9ae71da3647c66d951ad50d9b9e424fdc2538928d3705ecb7ef2bd53aec4ddaf0a4be1

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
    Filesize

    3.2MB

    MD5

    c270b14c624eb5f9e4f24f1f69b1109a

    SHA1

    af143c44a68023c9e5d600fa81420b7f9b3aa8d8

    SHA256

    883cc6c59ec2e9927465ecdf43bd2b99af6b13dfdbc95bef803b90a55f60c17b

    SHA512

    979a512391504681a7d4163563aaf1f3075f59acbdeb1c6633b5972513d8ec8e0dac94e2b26ecc78818a440ee7a8f5f514aef7dcb7cda7485e9614bf6b1bc8d7

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
    Filesize

    2.9MB

    MD5

    74003911b0d986d535a68d47c616b0a0

    SHA1

    18389d5ec1e54b3939a4fb8846deda1f315ecf1c

    SHA256

    f9e3726bbc270d6e4bb82358e51629bd7788e805bf2617436688f171ac51a7d2

    SHA512

    577d24c7dbdaf0b1eecf14fcf09e0f41bb9cbedf988792bfbcc1a367201fd3c746ff3d22cf9ac6a547685794cfb53103ee3b0ac0b29ac5fa435a8ee0f628dcbc

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
    Filesize

    287KB

    MD5

    0ca8f51ac6c783a553a3e13cf1828f88

    SHA1

    a642c69fde9c762d5243465b6a3463af83fef041

    SHA256

    f42d57f00f3ee187b89cb1735570f60f9a36e0194706f04984a941e203e7f417

    SHA512

    fbf5526bad0a9d63d68c1384b5c91854e98f8a210861c38d9746b7ee47d419c9b272700f213c3cdacb3f99aa934cefd75200421196fb7ef684f853c1708d28b8

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
    Filesize

    2.1MB

    MD5

    5573930fd04c6c18d7f1d4bbe68b8395

    SHA1

    b70d8ea89a3251686b2bcc978a13df02b71e9f16

    SHA256

    5b9aab466d42322ad4950ef11c6daaf7eec4000ab49948ed071b7d123e3afbfe

    SHA512

    ac70badde0ee6b8531469236642674c3793b99a92f5bd17712b1c7869a0a4a0ff37cfe8d371102136aefcc5522768335bb17b6e0e8f1e6279569ee983098e592

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
    Filesize

    1.1MB

    MD5

    658276a6bf6c17511f54254d56cd9022

    SHA1

    b9af3a23d41aa2bc2bf1f269e0deb8749896c584

    SHA256

    19b5b1a7be78f20a509b6283d89498f038a74337b803369cb37077e1ebb5fa2a

    SHA512

    4de906a5637512b40f91d49c798d2c2cea429077b53a7ed6e8eceaa6f0a1f56dbea1085c1a5afeeb689fd0c049d9041064c3d262a43b513f2288967292222fae

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll
    Filesize

    135KB

    MD5

    8e58fcc0672a66c827c6f90fa4b58538

    SHA1

    3e807dfd27259ae7548692a05af4fe54f8dd32ed

    SHA256

    6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

    SHA512

    0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll
    Filesize

    67KB

    MD5

    d8ccb4b8235f31a3c73485fde18b0187

    SHA1

    723bd0f39b32aff806a7651ebc0cdbcea494c57e

    SHA256

    7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

    SHA512

    8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll
    Filesize

    18KB

    MD5

    ff3d92fe7a1bf86cba27bec4523c2665

    SHA1

    c2184ec182c4c9686c732d9b27928bddac493b90

    SHA256

    9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

    SHA512

    6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll
    Filesize

    31KB

    MD5

    a6f27196423a3d1c0caa4a0caf98893a

    SHA1

    58b97697fa349b40071df4272b4efbd1dd295595

    SHA256

    d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

    SHA512

    0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll
    Filesize

    76KB

    MD5

    5199d6173a6deb45c275ef32af377c3c

    SHA1

    e8989859b917cfa106b4519fefe4655c4325875b

    SHA256

    a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

    SHA512

    80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll
    Filesize

    75KB

    MD5

    46ede9ea58c0ac20baf444750311e3f8

    SHA1

    246c36050419602960fca4ec6d2079ea0d91f46e

    SHA256

    7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

    SHA512

    d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll
    Filesize

    164KB

    MD5

    89e794bbd022ae1cafbf1516541d6ba5

    SHA1

    a69f496680045e5f30b636e9f17429e0b3dd653e

    SHA256

    7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

    SHA512

    16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll
    Filesize

    141KB

    MD5

    b6022150de5aeab34849ade53a9ac397

    SHA1

    203d9458c92fc0628a84c483f17043ce468fa62f

    SHA256

    c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

    SHA512

    2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll
    Filesize

    31KB

    MD5

    d31da7583083c1370f3c6b9c15f363cc

    SHA1

    1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

    SHA256

    cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

    SHA512

    a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll
    Filesize

    21KB

    MD5

    cdfbe254cc64959fc0fc1200f41f34c0

    SHA1

    4e0919a8a5c4b23441e51965eaaa77f485584c01

    SHA256

    9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

    SHA512

    63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
    Filesize

    7.4MB

    MD5

    63c5b96b43e63c2fac1697fbe936e227

    SHA1

    898f30fc375882e977427cce521c88002146ddd9

    SHA256

    25051ff2c23b8efa5e2a9fc6226aca4975d7a6de165e1c0c04a7756469fc2c02

    SHA512

    b6495d6bebc3c73098826466786622fce587807dd3ea2978471db6aa2b05666c5bda5e9cc63686a2ace0def0e9f6115d05a79a28a27970ca9074fbffd7789416

    Download Submit

  • \Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
    Filesize

    1024KB

    MD5

    9b8c5343215e02b39be62008fa51c414

    SHA1

    3521bf6faba70b0a28b3cdb80818780096155818

    SHA256

    5a3c5bab8e97ab0fa7bffcea9063842cb9842491999ace90956ca1521aee468b

    SHA512

    154e86aa3e0fabd66de98f2122c6b32c399b82feea99b3ef7c93c281f1ec964977285108dfa6ef33c211bbc81e7fdee21c8e12aeb6613564361f9c37daf3c97b

    Download Submit

  • memory/832-92-0x00000000003D0000-0x00000000003DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/832-79-0x00000000003D0000-0x00000000003D5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/832-88-0x00000000003D0000-0x00000000003DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/832-93-0x0000000074560000-0x0000000074596000-memory.dmp

    Filesize

    216KB

    Download

  • memory/832-95-0x00000000003D0000-0x00000000003DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/832-97-0x00000000003D0000-0x00000000003DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/832-96-0x0000000074530000-0x0000000074554000-memory.dmp

    Filesize

    144KB

    Download

  • memory/832-99-0x00000000003D0000-0x00000000003DD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/832-87-0x0000000074640000-0x0000000074673000-memory.dmp

    Filesize

    204KB

    Download

  • memory/832-84-0x0000000074680000-0x000000007471E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/832-83-0x00000000003D0000-0x00000000003D5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/832-86-0x0000000000D40000-0x0000000000D5E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/832-80-0x0000000074750000-0x000000007475E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/832-107-0x0000000073F50000-0x0000000074075000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/832-108-0x0000000003390000-0x000000000341B000-memory.dmp

    Filesize

    556KB

    Download

  • memory/832-91-0x0000000074630000-0x000000007463E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/832-81-0x0000000074720000-0x0000000074748000-memory.dmp

    Filesize

    160KB

    Download

  • memory/832-113-0x0000000000D70000-0x0000000000D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/832-117-0x0000000003250000-0x0000000003251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/832-76-0x00000000003D0000-0x00000000003ED000-memory.dmp

    Filesize

    116KB

    Download

  • memory/832-75-0x00000000749A0000-0x00000000749ED000-memory.dmp

    Filesize

    308KB

    Download

  • memory/832-120-0x00000000003D0000-0x00000000003ED000-memory.dmp

    Filesize

    116KB

    Download

  • memory/832-72-0x00000000010D0000-0x00000000013B3000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/832-125-0x0000000000400000-0x0000000000BAB000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/832-127-0x00000000010D0000-0x00000000013B3000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/832-129-0x00000000003D0000-0x00000000003D5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/832-130-0x0000000000D40000-0x0000000000D5E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/832-128-0x00000000728F0000-0x0000000073613000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/832-131-0x00000000003D0000-0x00000000003DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/832-135-0x00000000003D0000-0x00000000003DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/832-136-0x00000000003D0000-0x00000000003DD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/832-137-0x0000000000D70000-0x0000000000D71000-memory.dmp

    Filesize

    4KB

    Download