Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

sharp.exe

windows7-x64

1

sharp.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/02/2024, 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sharp.exe

  • Size

    9.8MB

  • MD5

    933af071c1afade46438939b27806ed4

  • SHA1

    3d313c046d4e601e421c923148c7127d9b69ade8

  • SHA256

    0fb8ea1ca1ea8aab5ab5797c11e0d0a4bf12103a6acbf2014e1836b35788183f

  • SHA512

    d5bd8c63d4ee2fe1eae6f6c2695f652340d03634c3acded4d674e59f1401efa5e22b12e9228d838a932aa396b9f156166976581ce43fcd613e291e120a0288de

  • SSDEEP

    196608:LUye3EbT9bwiIHa3Q7CezjQ7MKpa9BJB6ZX7LkqadqGLno/:Be0/y+e0npa9neXvkqaMGjo/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 23 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sharp.exe
    "C:\Users\Admin\AppData\Local\Temp\sharp.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3428
    • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\main.exe
      "C:\Users\Admin\AppData\Local\Temp\sharp.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3268
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "wmic useraccount where name='%username%' get sid"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2240
  • C:\Windows\System32\GameBarPresenceWriter.exe
    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
    1⤵
      PID:1960
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4652
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
      1⤵
      • Drops desktop.ini file(s)
      • Checks processor information in registry
      • Modifies registry class
      PID:4196
    • C:\Windows\System32\Wbem\WMIC.exe
      wmic useraccount where name='Admin' get sid
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2748
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:372
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
      1⤵
      • Checks processor information in registry
      • Modifies registry class
      PID:1288
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
        PID:3052

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_asyncio.pyd
        Filesize

        64KB

        MD5

        43e7da594af7c0655cb9f57bd5556a49

        SHA1

        b75042853453e902ee54d0311311b4de74d40241

        SHA256

        6241f72162099095f111819fd5b9b2a0995ed7cf45ca08f1d0134ab7b3fe601a

        SHA512

        b088211220a6b73aa55e8ce1ed8d1517b25a5f53245abd9a07ba4c39518db9bd8742750d1f7f12c58955ee1ea642c733d4dca45bc7b67e1d18d25526806c4be9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_lzma.pyd
        Filesize

        159KB

        MD5

        ad02ea81a127a401f4df84c082f3cce6

        SHA1

        9c6c851c52f331d17a33936c9aad8dcef2542709

        SHA256

        4213fbb6936ad3eac1e1ba28f10e15719176bc3a59ff01ddc6828dd7eee52132

        SHA512

        cdccd9e5fffc2a2836f7677985d63c0a8a90fc91f1d98a0f2355c11141e21ecd564bbbfba87e717ac80f784a68b6f43430476fbd72cec9820c691df6612ffd16

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_overlapped.pyd
        Filesize

        45KB

        MD5

        5302eaf1e9af8e6550ab3720acf7ff63

        SHA1

        ce2dfdf34616a84a041ddaec025516ee6c5e2762

        SHA256

        42c7a03bffe76eafdee596f6b4c3ff950ff8808a31d194932c2bf48fdfc7f7c2

        SHA512

        7649a8356aff0b9f7012ca25a433771e84a722a3eda0608226d5871828d5a3e5c7eca009ae9c32d02bc01a5ceceb972f35d9ec9bf538f3151145469769c8ebf6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd
        Filesize

        78KB

        MD5

        0a6c6fd7697e4c3757014fa6bf6dd615

        SHA1

        f14f79831b8b16a7b31f4c7f698317c023d446f9

        SHA256

        a611e9b4f4e5fe67e945b771d79cf15c48441ecfa11ce186cec9bf233dc20c0d

        SHA512

        f5fcfede06f0f81229b946f803b6e292fd0c909191f3c2a82ca317ff7c2e08d1ea98aa2d11ec85edd5449994a2a7c61318a15d47806cd761e25739494f3e18e6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\dearpygui\_dearpygui.pyd
        Filesize

        1.2MB

        MD5

        c8359d7ced50a678d9c60dab84a158e1

        SHA1

        3eedded9ab4e7eb25b15b1d7ad96b38d5224c624

        SHA256

        e18478f6b664b4d2e830b9140d3d1ad0cb971a545096885f09e82bd7df37339c

        SHA512

        b324405e1916de7a7257804b4adbdece2c80617824e97c8814f75c5d05afc78afda358edd4349e1cc772d20e09307451fa83e19d1480dd0afd23ad4051f72f9f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-1_1.dll
        Filesize

        2.1MB

        MD5

        c35a498d24c5bf5b4c639c74e09bed0f

        SHA1

        dec3282dbcded817827deec6962f41d69bd0b783

        SHA256

        73abbbbcbaa1849004917e1a3ff7abdf5243a644e94c652b019b3998845278d8

        SHA512

        b97a0fbd33a2390ce0548087f6cd0816a71675bdf2a9eeb34c3248eeebc977bd9917d64acc8dbea52e6b0134094ad6951f47cb1d7a6a25d63e33386b9a02e017

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-1_1.dll
        Filesize

        682KB

        MD5

        de72697933d7673279fb85fd48d1a4dd

        SHA1

        085fd4c6fb6d89ffcc9b2741947b74f0766fc383

        SHA256

        ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

        SHA512

        0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\pyMeow\pyMeow.pyd
        Filesize

        1.4MB

        MD5

        031af23b6d527b26e6bdf01a93c376eb

        SHA1

        8af98f9be34adca3954466f8cfb93540815f2f5c

        SHA256

        a8d41989ea11b8922900469a1b5384960970d1779eb1c56fe7ec9fd8b33de5fa

        SHA512

        4d727fc290b92bbc171537c945d40beb8cc64c30a87008f86f2ef28ddfb970128e7242edb84cb233a3477de1b7ec26f2f56e3f9c8f442da8aed872ca80b0fc1d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\pywintypes39.dll
        Filesize

        136KB

        MD5

        f0c9ae2851bdadd218d864430281b576

        SHA1

        b7fb397f1c9cd07c81c7ae794b2af794c918746f

        SHA256

        15ff353b873b58c7a8af42d94462aa4cb4ea03c10673a87a0d7f2c42b7ec60c0

        SHA512

        915aa0121265b11d6ab58643fb1e4d867e3c49608dd5c8842364d4ed913f4742b4c4d54b21526ea62d7d48598b02c613f1ab39a4a071e403d4cc6fe68f839b7e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32api.pyd
        Filesize

        129KB

        MD5

        30d431bdd2419b1c59f22c0ab790ab88

        SHA1

        fe4c07f5e77806e5f0f5f90762849818eb4d29d1

        SHA256

        0813e92197b04508363d93f3fc2065e962baab44f8a2c18c6297e1fb348cc679

        SHA512

        d5c8e362c5be1decffb7960b0169e18641816ada783e0ec5a3c909c163bf1aa8878d6e7d7efb0258a0f1a031ac8e71c084d7220347b85b07412d6717f3b5ff58

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32gui.pyd
        Filesize

        222KB

        MD5

        3ec45c06ad3a38ddd434d480d575150e

        SHA1

        9489842d16c1bb3c7619c6595d4c8d21690afd2c

        SHA256

        03ea618102198c9ef41d00b0b197544cb6998452221f1f66f7bf0ef5874df1e9

        SHA512

        af38ea0f462eafcd226a84cbbff9e2bf7f6302c15063796e8117aab9cd49ffcc33969447c27c8952f1d694a92abde9500c257d308c185b54f7578fd788f8f4d3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\S-1-5-21-1232405761-1209240240-3206092754-1000
        Filesize

        1KB

        MD5

        b41be043adb4f219edacbf08a86b04eb

        SHA1

        aadeb7772d83cee6d87815c647d575c9fce02f0d

        SHA256

        a5036764481e488321ec19c40506eeb2a52044f55fcc949b7ea2206c638e8c3a

        SHA512

        03d1f7d7f7c435f2723e4f272af593dea7127ec65cd6aaec737a42e3a100394312fafc9a1ecfb50b18245340397287c842d885b1b30c047cdacf99dfaff9e72b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\_bz2.pyd
        Filesize

        84KB

        MD5

        7f2bba8a38712d00907f6e37f0ce6028

        SHA1

        e22227fc0fd45afdcf6c5d31a1cebffee22dfc32

        SHA256

        cd04ebe932b2cb2fd7f01c25412bddd77b476fa47d0aff69a04a27d3bfe4b37b

        SHA512

        ca46ceaf1b6683e6d505edbe33b1d36f2940a72fc34f42fa4aa0928f918d836803113bf9a404657ec3a65bc4e40ed13117ad48457a048c82599db37f98b68af0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\_ssl.pyd
        Filesize

        152KB

        MD5

        3baf56d4e63a800fcaf2cc98fc120709

        SHA1

        2a33341eda4b4549452b6db9b259f8ae6ec9c806

        SHA256

        d7610dd6be63aada4fe1895b64bbac961840257c6988e1f68bbf3d8e486b5a45

        SHA512

        e48899ed5581fe9f45c02219d62e0acbc92906af5b7a3b7d9be1bb28b41f5cfdb0d3496abc6d0c1a809bb80d2a49c5a456d34e4667995fb88ef8aca6958881dd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\dearpygui\_dearpygui.pyd
        Filesize

        1.1MB

        MD5

        752ce8895f4aed06115b15301ba7d68c

        SHA1

        db1e454a6cba814a72b06d1c9c96f58233102b87

        SHA256

        d1fc6a3b3f9b39e5156acbbc3820e34cc649d3871b1df6c8d465b9939eb9ebf5

        SHA512

        d9b36dc12cbee9f0ef8e3be61badc6deebd5d96cc735e6a57c28d687d65f28e2d65be3e16a1419d9c9d8de66854ca2d5da18013cc17f7e2b238debcd1a9df62c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\libcrypto-1_1.dll
        Filesize

        1.7MB

        MD5

        95761122df40dda6d7912f80dc2053b1

        SHA1

        06896ee6fc8c2f93e0fb4419cbbc41b5e5f16dcc

        SHA256

        ed85505fdf9717a762927b4ff99a0dd6571e0a194f6d35f6372df2d97ac032a2

        SHA512

        7b2e50d820c05a59487a01fbc33076fb9acdf96bcf13a49d53f6a85fa9e25a88526cef7d15bd80ba8bcd33fb5d9ae777026cd24bbfffb30236f497060b64b319

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\libcrypto-1_1.dll
        Filesize

        1.2MB

        MD5

        1ba889af93701f9392aec36c7f775ad4

        SHA1

        e65d5e7b18c51ebde8e0ffe0da8aea48ce351487

        SHA256

        67f0e85ff4c54a57575ff2f9ca6453cb8020971f9b8678b93e6cadb1cf820127

        SHA512

        f99ce49425cc236f3523e283747645001a2d3001fbd26be4f65024c195daa2dce31053cdeda6a51c4321c745676f0361fda8f63ad15fa3a366d036afada45db1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\main.exe
        Filesize

        580KB

        MD5

        72676e354a74c800ad0d0d7f2fbac847

        SHA1

        6ec69696adcff32ec95699772e7bd1efac6f79c1

        SHA256

        8d19f43372ac0163ae7d7d2583c9c54e0ecbda14058460800ed2deb3fcaa2755

        SHA512

        7eea09c92033a9d1ac03bb68015ebb9da2318fdfd19caff71fd6c6adc8fa1f745a1e53a934a2c32a2a727002c6ba039587fbd5b70eb63b3abc8590e797197f6c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\main.exe
        Filesize

        3.5MB

        MD5

        7df954d18c07787e611380095923c02f

        SHA1

        c50df9bbe7fdf8f7dcac06bcaf7aa00fcb9e0054

        SHA256

        17b262831d397239ff0de2edb2290d6d752fcc8aa8822405547adc9069e7117a

        SHA512

        dec1d3c00d8d70c8a39734c98f3ffe3f766f1c2692966ba6af35b2fe03754a5acb543142b8a17b52e187e1ac33bb8bb472c9f82b92b71c37974eba26a662a66d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\msvcp140.dll
        Filesize

        558KB

        MD5

        bf78c15068d6671693dfcdfa5770d705

        SHA1

        4418c03c3161706a4349dfe3f97278e7a5d8962a

        SHA256

        a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

        SHA512

        5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\psutil\_psutil_windows.pyd
        Filesize

        67KB

        MD5

        1350d7dd4c8715fb749092b370362d91

        SHA1

        6a706c275c48ab835c9d1a3e6e619306003a41c7

        SHA256

        1090e69fa90e0f55b90a2ae429aad7843db013eeef42aa8b0f0267f76abbf6be

        SHA512

        65e2051669daed30a89c60e96c52214bb161de8571eaf26dd680bf9ad91a1474497cfa2399f5da2023e9205f32c668de654fe81cf7bcacdcd58995be451e981c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\pyMeow\pyMeow.pyd
        Filesize

        1024KB

        MD5

        fc71e0f4302cee615827ee667752cb52

        SHA1

        714905ee840567956b956ae325524e6731239f86

        SHA256

        73a73374725ec3334a153c058eb451c0aa0a91a8250350000859f01f85e2415e

        SHA512

        d01e74a6b2788c30874891b0d1edd74f79225404c74dfb55a5144bedc1718dfa36e1c0657cddfd5b328e8e393b809abfc295c49e61b142e9011b63378350dce8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\python39.dll
        Filesize

        2.8MB

        MD5

        2edd2bf3c4446c830c633b68ab69f892

        SHA1

        7acfd4a87726e92f7f7e144582380900bb0a8bc8

        SHA256

        59db74e8cfe67c59a8340222c3647779b204e736ff3e30a6c3ae96a0ba115c9d

        SHA512

        7a57f5b67b4e266df78fc2c1895ff3e18f5c5f8fea62521ea5036d6a751b46ccf12e426fce024451b601f326f82e359657e4c32d7eb99fbd92d61019e21d52d2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\python39.dll
        Filesize

        3.0MB

        MD5

        b56897c8b882c6be1557a3a4f7f0f106

        SHA1

        6098a42355554d189973e3ff3527f62632593dd9

        SHA256

        30168054a764df7502c16874f7a245aeb2543134a2d3456810cf74d428361dee

        SHA512

        9487d9c2e0fb7278232c4d3bc123ec3a0aa033bdfa796a2e672c36f3c3735b177bfed913377402dce4361b73bae3fc7ae2be4f7ce76854991c98288aa56b2744

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\select.pyd
        Filesize

        28KB

        MD5

        196c4d2f8bdc9e9d2dbcce866050684c

        SHA1

        1166c85c761d8188c45d9cc7441abfe8a7071132

        SHA256

        cd31f9f557d57a6909186940eafe483c37de9a7251e604644a747c7ec26b7823

        SHA512

        cb9a02530721482f0ff912ca65dae94f6930676e2390cb5523f99452174622d7e2e70cafaf46e053f0c3dfc314edc8c2f4fd3bc7ea888be81e83ff40d3a30e78

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\vcruntime140.dll
        Filesize

        94KB

        MD5

        a87575e7cf8967e481241f13940ee4f7

        SHA1

        879098b8a353a39e16c79e6479195d43ce98629e

        SHA256

        ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

        SHA512

        e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\vcruntime140_1.dll
        Filesize

        36KB

        MD5

        37c372da4b1adb96dc995ecb7e68e465

        SHA1

        6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

        SHA256

        1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

        SHA512

        926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\win32process.pyd
        Filesize

        51KB

        MD5

        6118ce8d4464764969741fe82e3d2bf4

        SHA1

        b8376b45b7fb2893643fd355559aa287ff8897e8

        SHA256

        9e040738216f2d806c7230a57cd1143178bb0c9e13c12779b644e4da98a3cef3

        SHA512

        e6be8c55a3559783a3083949348949fed92f45f9fc05a1d6926363aacc9f8d7e5d076d8a31becf35852b881988ae299cb3c0c8e942f9337e10e345e5facd37db

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_3428_133526900813549656\winsound.pyd
        Filesize

        29KB

        MD5

        fb5fe1850a861cdd0e65f48a648ec659

        SHA1

        b41cfa72cb660f671676f78fe5fdaaa771c9a35c

        SHA256

        690d2e9b91792c0ca63da116e679368f52c7b0673668f4b5957989f1ab9ffb32

        SHA512

        71c5e62c6bedf73e2cf8b91225154b0e1894788a16df90778e34d587c61a7c3af4ee76b6b256b94d704de9597b69be2c3404c4787896168eb4fc50679a39f6c9

        Download Submit

      • C:\Users\Admin\Videos\Captures\desktop.ini
        Filesize

        190B

        MD5

        b0d27eaec71f1cd73b015f5ceeb15f9d

        SHA1

        62264f8b5c2f5034a1e4143df6e8c787165fbc2f

        SHA256

        86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

        SHA512

        7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

        Download Submit

      • memory/372-135-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-134-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-136-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-140-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-141-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-142-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-143-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-145-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-144-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/372-146-0x0000024540470000-0x0000024540471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3268-133-0x00007FF9583F0000-0x00007FF9586E9000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/3268-191-0x00007FF9583F0000-0x00007FF9586E9000-memory.dmp

        Filesize

        3.0MB

        Download