Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

27022024_2...an.msi

windows7-x64

10

27022024_2...an.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2024, 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27022024_2353_scan.msi

  • Size

    5.7MB

  • MD5

    50c85e84f91c3b7f1811380aeae9d606

  • SHA1

    7703c4ec1ea28c2b9785eb02b5c11b7b226155eb

  • SHA256

    ef989e3924e2f9e3fe7ec53fd870124b8f9174275428c36e03a991a55ce5ad54

  • SHA512

    e5b2930d2c44d27af969f96b2040045b6a9a6d6ad6cd500a3b01b7b789e713f8bd6dc867a7d6bfc39b87004bfb67744899cb5e94e37bef142aa2f0e21fe7d02c

  • SSDEEP

    49152:opUPXXhs0/Te0LjgIAkr5VbSPn9VISBdxXhYHGphbEEoGVupQMKk+/GTeonv3c9M:opEpoVR0mVERDCjk+Onva46G

Score
10/10
darkgateadmin888discoverypersistencestealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

remasterprodelherskjs.com

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    kiQRLFmc

  • minimum_disk

    50

  • minimum_ram

    7000

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin888

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Detect DarkGate stealer 14 IoCs
  • Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 11 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 43 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 53 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 55 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
      PID:1180
      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Adds Run key to start application
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of WriteProcessMemory
        PID:1144
        • \??\c:\windows\SysWOW64\cmd.exe
          "c:\windows\system32\cmd.exe" /c ping 127.0.0.1 & del /q /f /s c:\temp & del /q /f /s C:\ProgramData\cckkfea\ & rmdir /s /q C:\ProgramData\cckkfea\
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1572
          • \??\c:\windows\SysWOW64\PING.EXE
            ping 127.0.0.1
            4⤵
            • Runs ping.exe
            PID:3040
    • C:\Windows\system32\taskhost.exe
      "taskhost.exe"
      1⤵
        PID:1120
        • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
          "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"
          2⤵
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          PID:2112
      • C:\Windows\system32\msiexec.exe
        msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\27022024_2353_scan.msi
        1⤵
        • Blocklisted process makes network request
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2872
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Blocklisted process makes network request
        • Enumerates connected drives
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2696
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding A5850FBB27B22029710EDE2E24811285
          2⤵
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2612
          • C:\Windows\SysWOW64\ICACLS.EXE
            "C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
            3⤵
            • Modifies file permissions
            PID:2324
          • C:\Windows\SysWOW64\EXPAND.EXE
            "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
            3⤵
            • Drops file in Windows directory
            PID:572
          • C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files\iTunesHelper.exe
            "C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files\iTunesHelper.exe"
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1856
            • \??\c:\temp\Autoit3.exe
              "c:\temp\Autoit3.exe" c:\temp\script.a3x
              4⤵
              • Suspicious use of NtCreateUserProcessOtherParentProcess
              • Executes dropped EXE
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2640
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files"
            3⤵
              PID:1848
            • C:\Windows\SysWOW64\ICACLS.EXE
              "C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\." /SETINTEGRITYLEVEL (CI)(OI)LOW
              3⤵
              • Modifies file permissions
              PID:860
        • C:\Windows\system32\vssvc.exe
          C:\Windows\system32\vssvc.exe
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2296
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004D8" "0000000000000540"
          1⤵
          • Drops file in Windows directory
          • Modifies data under HKEY_USERS
          • Suspicious use of AdjustPrivilegeToken
          PID:1408

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\cckkfea\bfcchdc.a3x
          Filesize

          173KB

          MD5

          ec5d16f665052c8321182f4aa0c3a395

          SHA1

          bb77b031e29e0a2448ed6e02e446888615787a15

          SHA256

          989cf43948a517d8cb8f04edf697952a1ca366f5d5937697eccb20c7e18547f6

          SHA512

          e6e2c1658be4de4c422fbae6b580189792dae02d741d1142b99915810f3624e7d31df301db4e039163afac9c5601903c169d8d27c447b4061bf776e059cd564a

          Download Submit

        • C:\ProgramData\cckkfea\ddeefhk
          Filesize

          1KB

          MD5

          47452ffe3abf4b95120490d8f1a9d349

          SHA1

          488e6d2c0a1851413d533acdcf744e561208ffca

          SHA256

          e416b2830ac29a24530334b7fbaa89456220064ff1d907e7ee3d0a7bd582d425

          SHA512

          b4cf56de2ef46b5f7316b22d7376b2412162e908bba338b56a7373a0b64c285c87b3ab92380dbd97e85b852e15c0329970c807b94da9aa0206b630c582b44116

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560
          Filesize

          1KB

          MD5

          e94fb54871208c00df70f708ac47085b

          SHA1

          4efc31460c619ecae59c1bce2c008036d94c84b8

          SHA256

          7b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df86

          SHA512

          2e15b76e16264abb9f5ef417752a1cbb75f29c11f96ac7d73793172bd0864db65f2d2b7be0f16bbbe686068f0c368815525f1e39db5a0d6ca3ab18be6923b898

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ddec838e0fb4962886d5d9b57a3a5637

          SHA1

          741e448ba432d57660bb3f7a2c51a8dd8241f9b4

          SHA256

          dc702880ae8dfc198b86f12f7a78e810700ac66d046dcbcb4c59b6532dab44c1

          SHA512

          d51dd0aac310412d11c965ad035da123130e517fb331b90ace8eaa8788c8e05e1ef6621489c29e5606c667fa2b8d3aedcdc4ec761293b94e572181ab7efb691f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560
          Filesize

          264B

          MD5

          86a0350fec48ef916c63569961ebb929

          SHA1

          fe858beac0a202fc24a7048296bb0f9e340766f2

          SHA256

          cf28d24d6f73d99c5b6d19154cf049ac146e821c564494489c80031a8c46a8e9

          SHA512

          be2a30d744accd9ed1410682e6fad721a30dbb9a1ea9eb9c373d471a092b074210e8d71147cc0e35122cf5b9d11af54b8c70425303d17917ec2c743a1c3e1557

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab94C3.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files.cab
          Filesize

          3.3MB

          MD5

          4660ece36b1ca384d4ba197b066e4d31

          SHA1

          5f92cf3fcb2b2c07439fb1fbfc8710b6a49bba6b

          SHA256

          780567989c0953ec26a16592961712b47930d7eb6317f014c6275e1c5ddb24d4

          SHA512

          c1aca88035f72061636dd47f24ae0f0bb70d9f668d10788db90114e1932dd9eee0b2624fa6e3200244e7d5ad20212651fa97b3ba48356121b4f597174c8fdb07

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files\CoreFoundation.dll
          Filesize

          180KB

          MD5

          ea44e022115262f0fcd672aead815ec6

          SHA1

          29760451d49c588e2cd8e2d308029b6ac4dbed5f

          SHA256

          c18ac1d78bc0ae5e6f5f4271b2a4a88a41a70a0d5c23e6713508e1e4d510779e

          SHA512

          38f33bc7dec012569ed701fc6f15cf6d4146ce04ef9837295ca4212a50f77031f1fe7ebf526f36ab8dc78d78735c8497c344c41022d87525b7c434eea4d255a1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files\iTunesHelper.exe
          Filesize

          342KB

          MD5

          60ccc7ad19b160699a155c525d521b7c

          SHA1

          cd9a03da0e97640ca1a467276b45df59b09078c4

          SHA256

          7b80bb9945046e7063c95be7e8d26de2fe9c4abbe1c717e2f5645173b1270d86

          SHA512

          69bae9a50a662cd9c6ddcc76c15338754c2f58dd587717e4b9da42f2ff8da88740e50f22ef6107711ee1a1eb9f01c016a9c25d7331907b8332f608993703aee6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files\iTunesHelper.exe
          Filesize

          221KB

          MD5

          eddbd4f8a5ae50e89be04839d2b6a4f4

          SHA1

          26f55706c7f6e6cf2077842ebc63f152f4689800

          SHA256

          736568326bdc062e45f3a63fb39ba07f4387e79f27abcd897a406ef100f5eea0

          SHA512

          44da9c8fc855f742a5a7056eb23e4088872e8bef833cdc3d51474b8f1e4b00b1b284d47f45ea78e1cdc76d49ef4010cca3ce334e0c3d08298343e16150ede4ac

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files\sqlite3.dll
          Filesize

          91KB

          MD5

          389a81c3c4a68c692d087c2b1c89f66a

          SHA1

          fad8fbd4aaa965d47adef8e573229a9da55af647

          SHA256

          5ac83e785ce539aa68bd6c773df7101b136e6186fdc316094b9e3f9e1198451b

          SHA512

          5e004c8741d0ca77756b73b0331bc9426a4c3e50b0878a01df9c3c417bc7134c00bd11105cb6376b5a395902b4f7b7b0042180c13dc6cb6166ff0fb8d4072728

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\msiwrapper.ini
          Filesize

          1KB

          MD5

          c47a37a2c7e7edf6049760067b1c1b87

          SHA1

          785875948453289685413702c45dbbd5d94aacf6

          SHA256

          921c773dcfae783ece1943d74d02ca089757f34aa69dd08fa559f30db8c3c257

          SHA512

          77f66d2a0ffed4dda829b5aeb7792c7c1091a7822f4829d30339cc87e13eddd259e85013e771b07f4f522784fa740817ab1e4c2a981f56103844bd14dba16788

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar94F4.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • C:\Users\Admin\AppData\Roaming\hAEaGEF
          Filesize

          32B

          MD5

          aee5a173dc9b95635f386f584cd1637f

          SHA1

          299e8c2d18492164d3c7c8fe229f0474c77a27ff

          SHA256

          2ace43458f218944acc2ba730052b97780e4cc390086aad2ae00aa5933d21339

          SHA512

          8442b03de4403795ec10575082fafad867436a3ef8d92a5efe54ab8d57d563bae096dc0b88212422b28d6d187ac526e388d896774d4a948e59ba2123aff61357

          Download Submit

        • C:\Windows\Installer\MSIF.tmp
          Filesize

          208KB

          MD5

          d82b3fb861129c5d71f0cd2874f97216

          SHA1

          f3fe341d79224126e950d2691d574d147102b18d

          SHA256

          107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

          SHA512

          244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

          Download Submit

        • C:\temp\Autoit3.exe
          Filesize

          872KB

          MD5

          c56b5f0201a3b3de53e561fe76912bfd

          SHA1

          2a4062e10a5de813f5688221dbeb3f3ff33eb417

          SHA256

          237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

          SHA512

          195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

          Download Submit

        • C:\temp\bhcdfba
          Filesize

          4B

          MD5

          af131fe719fd16a123464261c57ed870

          SHA1

          d046943f9bf8e31c3fb191e4f3ee3ff114aa4d47

          SHA256

          f12de95c81eb6751da166777d3a990feadb0ae19ed2816d9d2da6efcc307e0c2

          SHA512

          36d8fa50da7ce1e39402a7d9314b10c5d5332c2d28548c98d708071d37d9ba948e13eb1f01ab36a98e49996d2a9ed98b2d21ec8e32d66fc339b38ee865051101

          Download Submit

        • C:\temp\fgefabd
          Filesize

          4B

          MD5

          3dbf418e3fbbd1b4bcd10ca0b79a3282

          SHA1

          31ece91b9a37a8b65d5234f2742e496da35b63c6

          SHA256

          da25ac203fa0f322fe9191bba67dbaf3910477e159c7e6861e51828434c2094f

          SHA512

          04ea5ccd222e9e6383053aaabcf72b2e462fd1d36655084ff8f6dd77cc9efc303df199697f16df408448d30125520d981d6c3a514f29c6cd6ed7fea7be77af4c

          Download Submit

        • C:\temp\fgefabd
          Filesize

          4B

          MD5

          120e1fe93fe16823cc52e6dc4d4f1672

          SHA1

          6c61b520a744587b47ee7181aa3d3dd029baf88a

          SHA256

          841de7e17dfea986912f1658775c437e0bf5313fb6a842f791ef57f738d58b60

          SHA512

          0a8c65c42068073ceb1b4858992d4f4fc0d139bcbd783b2ae520218a86b6c24e0fdca8f99d87c8867f1df47d8eb2e068bab334aff66c9d3cc733637e3d7e58c2

          Download Submit

        • \??\c:\temp\Autoit3.exe
          Filesize

          610KB

          MD5

          9b2870caba71468e66f61f578d600815

          SHA1

          0f1a16fd71c5698167e24641d7df3c1c694cb22e

          SHA256

          9cb2ac69b74a015d6ba02ad15632ff56246df6c22d32febeae32e0851f89d505

          SHA512

          b40388bf96ffdcb9379a6caa4817dfdab60036b179d1e903ac472fd6b9544bd2bc6c6fad30e71fbaf3097b6a1bfcf8ff9b5ebcaa38b53132baa0d0898ecf60fc

          Download Submit

        • \??\c:\temp\chdfehd
          Filesize

          4B

          MD5

          edcf4e77d9cc196d99531ab71f3765ac

          SHA1

          97a2d64f731bb6c2d5d99833207e1bc2e512ac88

          SHA256

          7bd825dc94755e6a7f4fd01b8c41f915260f6e4279a0149d5238b55f6c851d05

          SHA512

          66d2e942285561130626380a8bee0a8201f9c40c54b442b46c7b2e794e9401dc825f97887713da53d7cba1de6a1b07b183456a325ab28c2f82b8c761b0c75c57

          Download Submit

        • \??\c:\temp\script.a3x
          Filesize

          468KB

          MD5

          a37df78b6d7563d9743cba9648d84795

          SHA1

          c829f4591b4f748a92db4b49f2b1a2fa3d33c675

          SHA256

          87c47284b340901d82c08c59094040c6e2f39be420893aedc080a16bb11be6a8

          SHA512

          1407168740250b3126acd9633b330a14dcfdace0aa8b1f06f13c45e6fdfdd6836e87b2dd32ffecbbc5c490e74e8103a4399b2ef87ed147062d5f3535a1c7f118

          Download Submit

        • \??\c:\temp\test.txt
          Filesize

          76B

          MD5

          4c5219e9f08372b225eb835b6b55237e

          SHA1

          9266c1757a89a5f9ce0c957b7aaf1ad2e1aa6c9a

          SHA256

          e7f6186b6d7e84a845339f0fc3c1786fa346dff658e24fd60bb6117cea853713

          SHA512

          b07d312bb67ec6a46aaacca7593687405d67fcce62dd6fde5df498140b5c19eb1db85b9555f327a0c462840e0fe02e4e369a846af11ae5fb24bf1a616005d2f5

          Download Submit

        • \Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files\CoreFoundation.dll
          Filesize

          99KB

          MD5

          02d8cdf5b433519504e40ecc9083d574

          SHA1

          2a431d1ed3bb5e4c37d0c0dc12ae8853aaae54f8

          SHA256

          987c04546d5293b2d70e52d63f32492043081c2041eec5c89ba38d52b1dbf5c8

          SHA512

          fcbcb637fc4ff57aa9cd957874921430a5c22033eabb7300cc31012823a81c009991aa271708fa67bca25551ebdc21dcf2ca045fe6e5fbf0423d5b564c2481b0

          Download Submit

        • \Users\Admin\AppData\Local\Temp\MW-2114eb99-24c5-4b57-877d-ba750e5968f6\files\iTunesHelper.exe
          Filesize

          257KB

          MD5

          3537e1a8e05276bf8a47d9428b6204d4

          SHA1

          8aa6600740ac66d2fef17501e7db5aba209dd840

          SHA256

          ace7432810b35a7a04376d2040d782ee798fc187b13076cb626c858a560c92f0

          SHA512

          5b113d27d3022113671d92ac1e8035a0be2d6597a73a8b1c163c23eaaeb20ba0535838da4be95c6aee85c809923305b940d4c026f1a0671018e9cc7843b9af9f

          Download Submit

        • memory/1144-378-0x00000000007D0000-0x0000000000F72000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/1144-376-0x00000000007D0000-0x0000000000F72000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/1144-396-0x00000000007D0000-0x0000000000F72000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/1144-382-0x00000000007D0000-0x0000000000F72000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/1144-370-0x00000000007D0000-0x0000000000F72000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/1144-365-0x00000000007D0000-0x0000000000F72000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/1144-377-0x00000000007D0000-0x0000000000F72000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/1856-345-0x00000000023B0000-0x000000000254E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1856-337-0x00000000023B0000-0x000000000254E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1856-344-0x0000000073CB0000-0x0000000074040000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2112-375-0x0000000000930000-0x00000000010D2000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/2112-381-0x0000000000930000-0x00000000010D2000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/2112-383-0x0000000000930000-0x00000000010D2000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/2112-393-0x0000000000930000-0x00000000010D2000-memory.dmp

          Filesize

          7.6MB

          Download

        • memory/2640-366-0x0000000004B60000-0x0000000004EAF000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/2640-359-0x0000000004B60000-0x0000000004EAF000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/2640-357-0x00000000036E0000-0x00000000046B0000-memory.dmp

          Filesize

          15.8MB

          Download