Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

ScreenConn...up.exe

windows7-x64

8

ScreenConn...up.exe

windows10-2004-x64

8

ScreenConn...up.exe

windows11-21h2-x64

8

Analysis

  • max time kernel
    456s
  • max time network
    1190s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/05/2024, 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ScreenConnect.ClientSetup.exe

  • Size

    5.2MB

  • MD5

    5100c35ddc2ca0709857fa1b93e2fd6d

  • SHA1

    d71cbdb3e8729cc071f20b86f3cdc534da93a880

  • SHA256

    585af37e89555cdf0398a491a67f0c501f97c1d9f1ca47569f134b2a4aa6f614

  • SHA512

    a50e2211e83d920e08e2c5030e2ff35e90905a7039b513a0ddd26b8eb8b19de0da5ee0c71da159c78ca082b4758926726257b8d5ce6fc505e4e6ef79d59d3202

  • SSDEEP

    98304:3ps6efPfBOPvLtabi4X0MV+dYdcGt7VIb4:ZfefPJws3V+a

Score
8/10
persistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 16 IoCs
  • Drops file in Windows directory 17 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 20 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 13 IoCs
  • Modifies registry class 37 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\ScreenConnect.ClientSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\ScreenConnect.ClientSetup.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\ScreenConnect\160ef0a635c283d2\setup.msi"
      2⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1072
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Registers COM server for autorun
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4000
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 5FDF134A8A2CD2F565E8563E46C6D4C6 C
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1620
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI7417.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240612437 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
        3⤵
        • Loads dropped DLL
        PID:4844
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:3008
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 15F9BD650E0FD6DA6CF6905B689097E3
        2⤵
        • Loads dropped DLL
        PID:1416
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 271E6C7A139EED8D2E7272419472E8D2 E Global\MSI0000
        2⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        PID:2932
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:2800
    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.ClientService.exe
      "C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=instance-olqdnn-relay.screenconnect.com&p=443&s=7ff949d7-72ba-42b9-92de-fe6f6e1cde4e&k=BgIAAACkAABSU0ExAAgAAAEAAQDxFdEYsmqXizFg065Z9Wpb4PGj7JGIJVMU9f5p8lZaqjRiwsJ11J6%2fnftEZ%2fPT6F6tRBn45PzzIZkFeFXT0WPmpxH%2f%2fZk3UydaKxGk3WsiaXaKTlVrZFf6o662vMEYDkUkJGo2MtLyhMrY%2f8Afuai5h2QSMlNWgiNTKn9YlsC%2bjZ3jVfOS4Q0knYijY8sRUXXor8%2bCKgu%2fZYTZG78BpEJOlXHd%2bFxCLb4cgcN%2fGirqlEI46kYddMlUZFn9GBFscFldti6DTNfiKtMiLhSqqPuBZ061NDA%2bN5tcKPmYQyYXH2HLbi1pDfkpGhLPKAFK2CiXeu%2bzhtb5lgs3Sljf5R65"
      1⤵
      • Sets service image path in registry
      • Drops file in System32 directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4800
      • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.WindowsClient.exe
        "C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.WindowsClient.exe" "RunRole" "34d51120-d9bf-4a17-b28c-f75832aa8364" "User"
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1012
      • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.WindowsClient.exe
        "C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.WindowsClient.exe" "RunRole" "0a3f6eba-0bec-4928-9ae4-19d4bdf0631d" "System"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Checks processor information in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: AddClipboardFormatListener
        PID:2804

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e579192.rbs
      Filesize

      213KB

      MD5

      0c4b9ecefa07216429ee13b8b0b7ff23

      SHA1

      ea0c788e1b597059ecf9a3de0e78f40780882bb1

      SHA256

      52accfaee58066b0833b63850c42882672c32e8d910a478a5819341038bbfa13

      SHA512

      7069dc87b634dad722b8b71e13c547251b4d85c4925479ab14abf403e3d49d107311275203e18713141cd0ce723c8775c657f4efcc1f415d3eb69f7cf068d6da

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\Client.en-US.resources
      Filesize

      47KB

      MD5

      3e83a3aa62c5ff54ed98e27b3fbecf90

      SHA1

      96d8927c870a74a478864240b3ace94ad543dfb8

      SHA256

      2d88b97d28be01abca4544c6381a4370c1a1ce05142c176742f13b44889ddf90

      SHA512

      ea9d05a4aa1ee5cccc61c4f5e8994efba9efff0549b69577bef1f2a22cce908739124eff1e0db5cfdd69e077ad2d7cdb1307de92d79673c9309ee621cb139956

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\Client.fr-FR.resources
      Filesize

      45KB

      MD5

      cbcd812e3b342bb634c6917f0943965b

      SHA1

      f918d7f6f0bfcbe641ac5a02db873eda75231ea9

      SHA256

      182e6523208dfab4e9fa14a233d404cecd3c8a3dcf5bc246ed40c349d468ddc3

      SHA512

      22442a73bd44028c4fb4ec63856b916bb47b0c195223c15830e44358160211663a61c544cf9e857a4a62bead4865f7e5e00e8d413df961246a392646df6070e0

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\Client.resources
      Filesize

      26KB

      MD5

      5cd580b22da0c33ec6730b10a6c74932

      SHA1

      0b6bded7936178d80841b289769c6ff0c8eead2d

      SHA256

      de185ee5d433e6cfbb2e5fcc903dbd60cc833a3ca5299f2862b253a41e7aa08c

      SHA512

      c2494533b26128fbf8149f7d20257d78d258abffb30e4e595cb9c6a742f00f1bf31b1ee202d4184661b98793b9909038cf03c04b563ce4eca1e2ee2dec3bf787

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.Client.dll
      Filesize

      188KB

      MD5

      6bc9611d5b6cee698149a18d986547a8

      SHA1

      f36ab74e4e502fdaf81e101836b94c91d80cb8ea

      SHA256

      17377a52eeae11e8ee01eb629d6a60c10015ad2bb8bc9768e5c8e4b6500a15ed

      SHA512

      3f23670d0ba150de19a805db6beb6eed8538bbad6fbe3cc21d17d738a43cf411c679a23cea11549e69be0321e672f740791d40e92498aef9d1f8650743ee85ea

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.ClientService.dll
      Filesize

      60KB

      MD5

      22af3a23bd30484514cdacf67c5b3810

      SHA1

      e92a4eaee9d896964de541ce2f01c2404b638258

      SHA256

      7c5442121dba2a30ab9579ec08e111ded372cf9cf90fb3256f273980b975afa9

      SHA512

      95e40b27e90fce7ca85e76afbbc16eb62b4bb977664702b987de2eb2294e6fe9e6df5610ec7b2362c2c68493313f30fbbcbd3446dbe8ae2fa47b89407f5d5936

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.ClientService.exe
      Filesize

      93KB

      MD5

      dc615e9d8ec81cbf2e2452516373e5a0

      SHA1

      ec83d37a4f45caeb07b1605324d0315f959452e9

      SHA256

      e9ab064ed381c29a3930f75ca3e05605c6ee07f30a69c043f576a5461de3bafc

      SHA512

      82fe00447fb9785264dfb8032399adf6d33d91d71058212d252742c9e5fd54f5a52f6baf4fb05e95f9a4055057c60a33a7c1c642f18a6a4e045b49be88fa5d9f

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.Windows.dll
      Filesize

      1.6MB

      MD5

      29454a0cb83f28c24805e9a70e53444a

      SHA1

      334202965b07ab69f08b16fed0ee6c7274463556

      SHA256

      998cc3f9af5bd41ccf0f9be86192bbe20cdec08a6ff73c1199e1364195a83e14

      SHA512

      62790920974a2f1b018d466ae3e3b5100006a3c8013f43bdb04af7074cfe5d992caaeb610de2b1b72ff0e4acf8762db1513a4a0cf331f9a340ae0ce53c3be895

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.WindowsClient.exe
      Filesize

      573KB

      MD5

      5dec65c4047de914c78816b8663e3602

      SHA1

      8807695ee8345e37efec43cbc0874277ed9b0a66

      SHA256

      71602f6b0b27c8b7d8ad624248e6126970939effde785ec913ace19052e9960e

      SHA512

      27b5dcb5b0aeadf246b91a173d06e5e8d6cf2cd19d86ca358e0a85b84cd9d8f2b26372ef34c3d427f57803d90f2e97cf59692c80c268a71865f08fc0e7ce42d1

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.WindowsClient.exe.config
      Filesize

      266B

      MD5

      728175e20ffbceb46760bb5e1112f38b

      SHA1

      2421add1f3c9c5ed9c80b339881d08ab10b340e3

      SHA256

      87c640d3184c17d3b446a72d5f13d643a774b4ecc7afbedfd4e8da7795ea8077

      SHA512

      fb9b57f4e6c04537e8fdb7cc367743c51bf2a0ad4c3c70dddab4ea0cf9ff42d5aeb9d591125e7331374f8201cebf8d0293ad934c667c1394dc63ce96933124e7

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\ScreenConnect.WindowsCredentialProvider.dll
      Filesize

      746KB

      MD5

      f01a59c5cf7ec437097d414d7c6d59c4

      SHA1

      9ea1c3fbf3b5adbe5a23578dea3b511d44e6a2dd

      SHA256

      62b405f32a43da0c8e8ed14a58ec7b9b4422b154bfd4aed4f9be5de0bc6eb5e8

      SHA512

      587748ad4dd18677a3b7943eab1c0f8e77fe50a45e17266ba9a0e1363eda0ff1eabcf11884a5d608e23baf86af8f011db745ad06bcdecdfd01c20430745fe4bb

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (160ef0a635c283d2)\system.config
      Filesize

      968B

      MD5

      008d3eb50e95dfb757f40b0025fa16e5

      SHA1

      f6de0f81795b596e7eac5fbace62c6d7dac17d2a

      SHA256

      ae1757ccd652540a1d879b6bdb8ec45ba48f3e8b27770b6113fd4bd4ddc775ef

      SHA512

      e23d01669967aba5666bad3db5119141bc507654c618930cdf6ef78e8a3e7677da34f6c17b06d1cac529b3090ef268c4be406fcb6d04b3556e23a7b22bba1f7c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI7417.tmp
      Filesize

      1017KB

      MD5

      8d94c9f4c07b76b4e32daffcc51109da

      SHA1

      62e31a89c488d6745abb72a3071f688fd6180d33

      SHA256

      2b35c0e4088b2a7728fa7bc6a5bfdefed7665598de6d49641fdf5d1f1271a4d7

      SHA512

      0092cbbd95777e6931864d61931efdf3a349f79c575030cad9a1771432f52e1bdc25d5640e2923d202c42c2ce242d00187486334a946e97319d48211233eb0ac

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI7417.tmp-\Microsoft.Deployment.WindowsInstaller.dll
      Filesize

      172KB

      MD5

      5ef88919012e4a3d8a1e2955dc8c8d81

      SHA1

      c0cfb830b8f1d990e3836e0bcc786e7972c9ed62

      SHA256

      3e54286e348ebd3d70eaed8174cca500455c3e098cdd1fccb167bc43d93db29d

      SHA512

      4544565b7d69761f9b4532cc85e7c654e591b2264eb8da28e60a058151030b53a99d1b2833f11bfc8acc837eecc44a7d0dbd8bc7af97fc0e0f4938c43f9c2684

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI7417.tmp-\ScreenConnect.Core.dll
      Filesize

      519KB

      MD5

      b319407e807be1a49e366f7f8ea7ee2a

      SHA1

      b12197a877fb7e33b1cb5ba11b0da5ca706581ba

      SHA256

      761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742

      SHA512

      dc497643790dc608dece9c8fe7264efedd13724bd24c9bf28a60d848b405fddefb8337a60f3f32bb91518910e02c7a2aaf29fc32f86a464dfcafa365526bdb7f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI7417.tmp-\ScreenConnect.InstallerActions.dll
      Filesize

      21KB

      MD5

      b0585159161d50e330b7f8eda50a2770

      SHA1

      8636fab3ce6c21a42d3e5fbd495c2ddad4279162

      SHA256

      ca9e51d51f24e16428d1b0e9a0829a44da2678bfc7ba00f0b46a57dcd6d734b8

      SHA512

      e9ae99bdce64ca4282fa4580d3b081f7d0874c756aef77fb58e10db148e2f670ba48667ce62033c6f514ff825dc54c1bdbae2c7f8d5f9355486402cf75e1d5ad

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ScreenConnect\160ef0a635c283d2\setup.msi
      Filesize

      9.1MB

      MD5

      9b8540f756f5a981640973e47e53f8b6

      SHA1

      118a1bc14cfe957fae0e40583392eeb59e321ab1

      SHA256

      a27b6784ba35d71e8772a429c3b241a43cbcab783ed9a28eaafd56fefd9f8d28

      SHA512

      23524b0aa30cb1259ca20ea467bedbc9ae522077e8d9452c4d5bba1150a33468cc10122ba9912684a1b256c76e18fc60ca45597fb6d5640d449afe98af33652d

      Download Submit

    • C:\Windows\Installer\MSI92DB.tmp
      Filesize

      202KB

      MD5

      ba84dd4e0c1408828ccc1de09f585eda

      SHA1

      e8e10065d479f8f591b9885ea8487bc673301298

      SHA256

      3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852

      SHA512

      7a38418f6ee8dbc66fab2cd5ad8e033e761912efc465daa484858d451da4b8576079fe90fd3b6640410edc8b3cac31c57719898134f246f4000d60a252d88290

      Download Submit

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      12.8MB

      MD5

      a8a7376266d89f7868eb836aa384bac8

      SHA1

      f54fca46cddbfe6f51a3cf50e5fc804200f0fcee

      SHA256

      4fe925213021cbff169df75bd624d10f3e99aff0f44adcc250ce3d4c0b705be2

      SHA512

      2dd9a0e73ba5593ed1cdda493908459358253ec9602ae81003b357c12305dc717038b950b12ccb9073de58bc60d9c258e4aa095c460ae68626d2e4d22f2df279

      Download Submit

    • \??\Volume{453a990c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{9fd0ae2b-1cc9-4b1f-907d-63d04b86cad2}_OnDiskSnapshotProp
      Filesize

      6KB

      MD5

      d7b5205cd651218504ae554482ee556c

      SHA1

      5493f387bab2b02f643b4cab77e12c9be63dc57d

      SHA256

      c027cdf8519011a745e82a3e05e556b4e6ff5bc7f2092cc69fef2bc4f306e2cf

      SHA512

      2b575f751b3de36123fb3c81bbe2c47d2dec68364b97f354f173a9851dcbd96099734e90d1ff460e462d4d4c91d73ca50b7963219ceb0d8ab81c7ef2b0b960e0

      Download Submit

    • memory/1012-135-0x0000000002C20000-0x0000000002C36000-memory.dmp

      Filesize

      88KB

      Download

    • memory/1012-134-0x00000000011D0000-0x00000000011E6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/1012-133-0x000000001BEE0000-0x000000001C068000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1012-132-0x000000001BB30000-0x000000001BCDA000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/1012-129-0x0000000000900000-0x0000000000994000-memory.dmp

      Filesize

      592KB

      Download

    • memory/1012-131-0x000000001B8F0000-0x000000001B978000-memory.dmp

      Filesize

      544KB

      Download

    • memory/1012-130-0x0000000001200000-0x0000000001236000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1912-12-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1912-1-0x00000000009C0000-0x00000000009C8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1912-0-0x00000000751AE000-0x00000000751AF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1912-6-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1912-8-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1912-5-0x0000000004F60000-0x0000000004F82000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1912-4-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1912-3-0x0000000004ED0000-0x0000000004F58000-memory.dmp

      Filesize

      544KB

      Download

    • memory/1912-2-0x0000000005380000-0x000000000564A000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/1912-7-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4800-116-0x00000000046B0000-0x00000000046E6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4800-112-0x0000000004660000-0x00000000046B0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/4800-119-0x0000000004A60000-0x0000000004B1E000-memory.dmp

      Filesize

      760KB

      Download

    • memory/4800-96-0x0000000004ED0000-0x0000000005476000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4800-95-0x0000000004770000-0x000000000491A000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/4800-117-0x00000000049C0000-0x0000000004A52000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4800-86-0x0000000004480000-0x0000000004496000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4844-28-0x0000000003350000-0x000000000337E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4844-36-0x00000000034D0000-0x0000000003558000-memory.dmp

      Filesize

      544KB

      Download

    • memory/4844-32-0x0000000003390000-0x000000000339C000-memory.dmp

      Filesize

      48KB

      Download