Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://dvdscreensav...

windows10-2004-x64

7

Analysis

  • max time kernel
    77s
  • max time network
    78s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://dvdscreensaver.com/

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dvdscreensaver.com/
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3804
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc502e46f8,0x7ffc502e4708,0x7ffc502e4718
      2⤵
        PID:1232
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        2⤵
          PID:3428
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4388
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
          2⤵
            PID:4492
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
            2⤵
              PID:3704
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
              2⤵
                PID:544
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
                2⤵
                  PID:2680
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4472
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
                  2⤵
                    PID:324
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
                    2⤵
                      PID:920
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                      2⤵
                        PID:2404
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                        2⤵
                          PID:3584
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4688 /prefetch:8
                          2⤵
                            PID:5704
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
                            2⤵
                              PID:5712
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,4865748602129084396,9132803778616163734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5904
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2164
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2492
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:6096
                                • C:\Users\Admin\AppData\Local\Temp\Temp1_1164-zzDVD.zip\zzDVD.scr
                                  "C:\Users\Admin\AppData\Local\Temp\Temp1_1164-zzDVD.zip\zzDVD.scr" /S
                                  1⤵
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4632
                                • C:\Users\Admin\AppData\Local\Temp\Temp1_1164-zzDVD.zip\zzDVD.scr
                                  "C:\Users\Admin\AppData\Local\Temp\Temp1_1164-zzDVD.zip\zzDVD.scr" /S
                                  1⤵
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5436
                                • C:\Users\Admin\AppData\Local\Temp\Temp1_1164-zzDVD.zip\zzDVD.scr
                                  "C:\Users\Admin\AppData\Local\Temp\Temp1_1164-zzDVD.zip\zzDVD.scr" /S
                                  1⤵
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5540

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  537815e7cc5c694912ac0308147852e4

                                  SHA1

                                  2ccdd9d9dc637db5462fe8119c0df261146c363c

                                  SHA256

                                  b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

                                  SHA512

                                  63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  8b167567021ccb1a9fdf073fa9112ef0

                                  SHA1

                                  3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

                                  SHA256

                                  26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

                                  SHA512

                                  726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                  Filesize

                                  1024KB

                                  MD5

                                  9ee207b07ef39feb69da8317fa0f5b78

                                  SHA1

                                  7f9b864d0690a5ef46327f370e627f0029c6e339

                                  SHA256

                                  f38b0c6f65df547ceb50c89011c6b10b42bb34018abf9870017fbf9d3c9c8161

                                  SHA512

                                  710585e68ffbb47ef5c1b7787729f355b9258cd17479d89ab9078af2c032c8e09cd4601082ca0d260ad7cbda87d80a53be8a743fd18fffb4d4a442966bcf3ef1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  72B

                                  MD5

                                  382d906872568b5946f0c0f9d2546f5c

                                  SHA1

                                  f6dd575740ccd2b95ac3d75a1376482df3a9eec0

                                  SHA256

                                  c8c7b3f7e740a040708c292b7f6ebccc1a1ac042bad7b1cf0a614141dcad69d3

                                  SHA512

                                  c377a96a176f9a0fc5426f461f7ce4d52076109b7994aab40a65ddf3f9184ae5674578829cdd250392063d81e59deb4ea000729f4dbcabacd756cbe1eb8306e8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  596B

                                  MD5

                                  addc921742ab3d6f02d86549b9572649

                                  SHA1

                                  d88c9d0ea19e739288ca2a402dc60fc16c610e80

                                  SHA256

                                  b3ee8a4b6225cecd953481fbf1eebd0c54ec8720ec71f5960a08244b3b7d2da8

                                  SHA512

                                  561eac7c9fcc2268060af31120ec0c2cf6edf2fee38abdd5b58544ee28313fc010422641bc9b1f1f13a1f3fe34a2e13d4856b863b279c9cc774f4c1c92aae60b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  596B

                                  MD5

                                  956bf09539ad297d6c7d4c15d9e95995

                                  SHA1

                                  9f7f69e91ac6c8ef95620ca2df3728c7ba2bd3d3

                                  SHA256

                                  2a50e11455cd68a599e1fc8c9bf417a503b1bd7cbcc2925b13080ed5b18bc155

                                  SHA512

                                  e3aa21536b442e62759d34af67ddecba4b0eb88843da7a7c8193a164930b39263ba0a3e5b8da205e253e699252877fcfdbded3759ddbb290bcd3e2715127fee1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  037613c528c1eda63612a4e2ef5af8b2

                                  SHA1

                                  f9576860fe427571852902da3b0977ba803f0136

                                  SHA256

                                  bb6a69b594d8d9f441494d1b40df97b8f04d63356017306746c62fec3eb3c662

                                  SHA512

                                  a0f6418a0cae49c5d150393a579c5503dbabd45524b652bc0962f780bc95fa29ce6417e520128131e7407a6d2bd6d36d5b0008aa573a930b93cf54bee606e8a6

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  2d9f6a60dc1cbb749d0df78718bf08ad

                                  SHA1

                                  3d3f06f724edf7c5245e94afeea2b963e17e510b

                                  SHA256

                                  3f3eab7b7fdbe8787a829960f427661a2ae1b91b0bbe8483522eda779edffcbf

                                  SHA512

                                  6146ec74d3fd916d18e3e9e0911d62857a8bb17141d7589b71aa379a07f356b50d0bdae0182646726b0782a860d50624af628ccc96acedbd8e51858f75e11e5e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  a54b281e2ecf35b3a13e3c407175d66e

                                  SHA1

                                  14ea821ad3df07aecccd2c05592e9108ccd563db

                                  SHA256

                                  cc2bbb0cfb372188794b452242bb86438197aef1475f5ce285298fb778f060b3

                                  SHA512

                                  5e25b9bd71583d9ee5df546d47ea4bac63e38641f09ee97eb5dc8709ffbe9deff10b4de1525dab2887a914496b839c0d6d26dbf1446d3053817bcd976bb05ecd

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d2228304-9c20-41f2-866e-2febbe321879.tmp
                                  Filesize

                                  5KB

                                  MD5

                                  1cff22f64cb43d5de5808a3ae14a0985

                                  SHA1

                                  f77397e18cc7d1cd8526919d901fa9d9217feb02

                                  SHA256

                                  02b4896b87fbb0c6ec81542a04237c1d986e430dc01bf8ed7bf91520e688e5cb

                                  SHA512

                                  7760b3f7e0dc39bac5200beb591fb46b78587397d696f3f20f79fed65f7749715521b6a3b2ef25552537ebb79cd6850e6cf49fd1689a6cca0c128cef6b0266d1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  206702161f94c5cd39fadd03f4014d98

                                  SHA1

                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                  SHA256

                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                  SHA512

                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  12KB

                                  MD5

                                  91c49ccd80775a4688e6f54c18b29a17

                                  SHA1

                                  ac2b0b018c09de2f1863c1a167280ccc9bf89aa1

                                  SHA256

                                  1e60d01035737693f6f87258ada72ad17567709a5731280f3f4a373ef458436d

                                  SHA512

                                  4ac98c610ab258a81d895682120e89406a34e2fa10bbe22826b3c659e1dad3d6e38c51b3783e5675017b86b8465ec68cb45ed560bb228101484192ff49b43305

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  ced27accdd6cc8209359c287866f3bbe

                                  SHA1

                                  287e4d2fd00e36049aa17b9051610ef2f24b389b

                                  SHA256

                                  f88f6d350de156f17310f388286339f305bd782ff6c0a0b7076cbb0a7fbc8684

                                  SHA512

                                  b913263c9eccfef91af8a7e698d5281733755e6d0bc84177025c538ca255f14997bfdad221339c28f4a1ee74f6008cf2b99d7839d0dc8f135e2b9ff25994d14a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\dc46ddf0-21ef-42d2-8573-eb532ea9eea0.tmp
                                  Filesize

                                  11KB

                                  MD5

                                  bcf2bc640e9d9bb6e42ec5d816554778

                                  SHA1

                                  3ceff3329544a242918e273099638055ba6888c5

                                  SHA256

                                  e4e203a04cb93ce5ac202f773ba5e737668d6f348c726d87301494d40215386b

                                  SHA512

                                  9462d12604fdf9147025dac6e013b297cdf83327eeb4d8b43472c877e834c2e7a3197e192e8277ea9758f65869dbedc8b9c9956a28a87aecbe32421c862d091a

                                  Download Submit

                                • C:\Users\Admin\Downloads\Unconfirmed 688596.crdownload
                                  Filesize

                                  5.8MB

                                  MD5

                                  50f961614983cb9714885c2af5bc3a8d

                                  SHA1

                                  8a20033f5d08976b7429c56a1fc48f321fc90d60

                                  SHA256

                                  4510b52a6b7f1af7f8a3f4c797cd7dfca502116b33e86b6ea43da1b1403b4d9e

                                  SHA512

                                  2646106ee6f0d18fa876ee55197c4d466c474a2760384fd32b1d261ac795b0d2ae1150d8277bc6f4d6b32ee56310684f49b8c83aaf6b71f1ed093e9dd7b55be4

                                  Download Submit

                                • \??\pipe\LOCAL\crashpad_3804_EEKODEKYOAYCHPEN
                                  MD5

                                  d41d8cd98f00b204e9800998ecf8427e

                                  SHA1

                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                  SHA256

                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                  SHA512

                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                  Download Submit

                                • memory/4632-151-0x0000000000400000-0x00000000013A3000-memory.dmp

                                  Filesize

                                  15.6MB

                                  Download

                                • memory/4632-149-0x0000000000400000-0x00000000013A3000-memory.dmp

                                  Filesize

                                  15.6MB

                                  Download

                                • memory/5436-164-0x0000000000400000-0x00000000013A3000-memory.dmp

                                  Filesize

                                  15.6MB

                                  Download

                                • memory/5436-162-0x0000000000400000-0x00000000013A3000-memory.dmp

                                  Filesize

                                  15.6MB

                                  Download

                                • memory/5540-188-0x0000000000400000-0x00000000013A3000-memory.dmp

                                  Filesize

                                  15.6MB

                                  Download