Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

_Getintopc...26.rar

windows10-2004-x64

8

Analysis

  • max time kernel
    233s
  • max time network
    242s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/06/2024, 17:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _Getintopc.com_Shadow_Defender_1.5.0.726.rar

  • Size

    3.9MB

  • MD5

    4f413413d826637184d384e35d34f98a

  • SHA1

    89d7270d76d4789111a701bc4e85ac0e43f69c45

  • SHA256

    444e4f94756e7094b2dced1bf728874ffae492d6c5e306232c1e162c470eaada

  • SHA512

    ca55eefd76e735dead58fb7a31693e749d677ed75fc6488ddc1e9fc4187804f08dfd0a38e44807129eb206c36efb0411ca08e98ff34c2b021f58197e8507e240

  • SSDEEP

    98304:q1lY8xKHQ1ILuTFOIp4MqH7fjNcOyY7GJ7MqEAmjqtvXA11ukvZn:qQkKYcuc5Mqb7R72x0OEvhn

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 14 IoCs
  • Loads dropped DLL 2 IoCs
  • Registers COM server for autorun 1 TTPs 6 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 45 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 41 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_Shadow_Defender_1.5.0.726.rar
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_Shadow_Defender_1.5.0.726.rar"
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4428
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3724 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3804
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:432
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sd\How to Install.txt
        1⤵
          PID:448
        • C:\Users\Admin\Desktop\sd\Setup.exe
          "C:\Users\Admin\Desktop\sd\Setup.exe"
          1⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:3552
          • C:\Users\Admin\AppData\Local\Temp\7z8C1B9DE0\Setup.exe
            C:\Users\Admin\AppData\Local\Temp\7z8C1B9DE0\Setup.exe
            2⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:3952
            • C:\Users\Admin\AppData\Local\Temp\7z8C1B9DE0\Setup_x64.exe
              "C:\Users\Admin\AppData\Local\Temp\7z8C1B9DE0\Setup_x64.exe"
              3⤵
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:372
              • C:\Users\Admin\AppData\Local\Temp\7z8C909174\Setup.exe
                C:\Users\Admin\AppData\Local\Temp\7z8C909174\Setup.exe
                4⤵
                • Drops file in Drivers directory
                • Sets service image path in registry
                • Executes dropped EXE
                • Loads dropped DLL
                • Registers COM server for autorun
                • Adds Run key to start application
                • Enumerates connected drives
                • Drops file in Program Files directory
                • Drops file in Windows directory
                • Modifies registry class
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:988
                • C:\Program Files\Shadow Defender\Service.exe
                  "C:\Program Files\Shadow Defender\Service.exe" /install
                  5⤵
                  • Executes dropped EXE
                  PID:4860
        • C:\Users\Admin\Desktop\Keygen\keygen.exe
          "C:\Users\Admin\Desktop\Keygen\keygen.exe"
          1⤵
            PID:532
          • C:\Program Files\Shadow Defender\Defender.exe
            "C:\Program Files\Shadow Defender\Defender.exe"
            1⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:5096
          • C:\Windows\system32\OpenWith.exe
            C:\Windows\system32\OpenWith.exe -Embedding
            1⤵
            • Modifies registry class
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1172
            • C:\Windows\system32\NOTEPAD.EXE
              "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Shadow Defender\user.dat
              2⤵
                PID:4632
            • C:\Program Files\Shadow Defender\Defender.exe
              "C:\Program Files\Shadow Defender\Defender.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:4748
            • C:\Windows\system32\taskmgr.exe
              "C:\Windows\system32\taskmgr.exe" /4
              1⤵
              • Checks SCSI registry key(s)
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              PID:2256
            • C:\Program Files\Shadow Defender\Uninstall.exe
              "C:\Program Files\Shadow Defender\Uninstall.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2772
              • C:\Users\Admin\AppData\Local\Temp\shdDE.tmp
                "C:\Users\Admin\AppData\Local\Temp\shdDE.tmp" /CLONE:"C:\Program Files\Shadow Defender"
                2⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:3504
            • C:\Program Files\Shadow Defender\Service.exe
              "C:\Program Files\Shadow Defender\Service.exe"
              1⤵
              • Executes dropped EXE
              • Enumerates connected drives
              • Suspicious use of WriteProcessMemory
              PID:408
              • C:\Windows\SYSTEM32\mountvol.exe
                mountvol Z: /s
                2⤵
                  PID:4156
                • C:\Windows\SYSTEM32\mountvol.exe
                  mountvol Z: /d
                  2⤵
                  • Enumerates connected drives
                  PID:1236
              • C:\Program Files\Shadow Defender\DefenderDaemon.exe
                "C:\Program Files\Shadow Defender\DefenderDaemon.exe"
                1⤵
                • Executes dropped EXE
                PID:536
              • C:\Program Files\Shadow Defender\Commit.exe
                "C:\Program Files\Shadow Defender\Commit.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:732
              • C:\Program Files\Shadow Defender\CmdTool.exe
                "C:\Program Files\Shadow Defender\CmdTool.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:376
              • C:\Program Files\Shadow Defender\Defender.exe
                "C:\Program Files\Shadow Defender\Defender.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:1528
              • C:\Windows\system32\OpenWith.exe
                C:\Windows\system32\OpenWith.exe -Embedding
                1⤵
                • Modifies registry class
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:4384
                • C:\Windows\system32\NOTEPAD.EXE
                  "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Shadow Defender\user.dat
                  2⤵
                    PID:4560

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Program Files\Shadow Defender\user.dat
                  Filesize

                  49B

                  MD5

                  887dd82aab3dc9f7cfe87d9f6fc83e3a

                  SHA1

                  c4545342d56a2dfbb3c818413b10abe4522b47d1

                  SHA256

                  9ad64f2e5ee60bc50fcf071a0f29bda4c3828277a3666b681e0031429159568c

                  SHA512

                  bbf3e9e011d551bf24bcf1ce8abdff13a3524be1807f026cab9622f3e4684468311855f77ff65600ad09c576537b4716143832b9c7de470171ffe902aa593849

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C1B9DE0\Setup.exe
                  Filesize

                  91KB

                  MD5

                  6db4ae6e41a3671de64b27b91e4be743

                  SHA1

                  42ea76727563244e43af6187ba96f718373c05ef

                  SHA256

                  c3d6792a785edf286a88ee9294121f00d62bc054394bfd5b77db1cf8656ddced

                  SHA512

                  826bbc3107cc691479f3be019a29b36784c7ccf9cea5c668ea2f24123b35b45772fc08bc2e303e5f2fb453a587bd45d13d46e9cdf17bf2d18ed805aef7670477

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C1B9DE0\Setup_x64.exe
                  Filesize

                  2.1MB

                  MD5

                  54895739b5713c93387890e1fe730a21

                  SHA1

                  697f0f8bd003b81ffa88e3c8810ee7456faa1c07

                  SHA256

                  ef84591e539404b3c7cd034d6a5f467d378dac76376d9bdae2964158a62ed0ee

                  SHA512

                  12a3afdcb9238198899a5dcdd304bc2161fcc2dc01680506e57cea3f4cefd5e935fa07e8bb40cc8adf536d05f5d5ab1970543eef8c3e966ebad0178c983866dd

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\CmdTool.exe
                  Filesize

                  726KB

                  MD5

                  7eed712fd75227269aef7e861b507214

                  SHA1

                  94137540e491850558459d3067929239f54d2fb9

                  SHA256

                  57cb2fb43662cfbfe0c56464faee76a8b26430943bbb3ff2392bd684ade54f9a

                  SHA512

                  6732a06b0e3d1f308440f8ee05fe549dfda82def08e8d5be67ae8e7b1259b1986632658d09eed215f97cea47fabc8f4f1f697cb70bf59045f1f23a7eceab3ed6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\CmdTool.txt
                  Filesize

                  1KB

                  MD5

                  0a3b5e5856e14d6d7a8b906b1b300b77

                  SHA1

                  6504c6f7b12fa0fcf5802a37408ec599cf012e5f

                  SHA256

                  99e75281087dffde0af97d6d475fc8fd1db4731b72cd5c5f6e3b8c714bc761e4

                  SHA512

                  7183c52d6ed46d8eb63439145000d3de14d572d0a2adcc6ceb4a9fd350e95c480b09dbfe28820cb288f858cf3c639f5a98b941c0b15b8bcf7d886987355e9337

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\Commit.exe
                  Filesize

                  863KB

                  MD5

                  759d4451a50129d1f4163fb11190cfe2

                  SHA1

                  b70cfc8bd910d64941e10c7c5dceca87ced88156

                  SHA256

                  f3f8a71a7a42dcd95cd703ef4a1c09d4e024460f12c208835470d3d0d2173aca

                  SHA512

                  5792ca0a695f4a4dc14e03e3f48a268f268879721106fb88c730ecbcf95b1bc6444c7e4f9555c1af7bb528d6f0dc53d97cbb0513b75ecd8912fe8e11e5ed000d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\Daemon.exe
                  Filesize

                  557KB

                  MD5

                  b3b45a29d1b4277decb0c6afd8f8d5bf

                  SHA1

                  9f940af3e5883f5e7d28f82ac130cfc15a17a709

                  SHA256

                  354b2bdf4ef0de2812848d190ace61879de975ab37657f1c81bb9fff58c7c55c

                  SHA512

                  cbcf6c2a46ab9ce7ed6ee6c570ff3c88864980bb89843492a34b7307b5fa9df80190b8fc37c837a718fc79ebf9de8639e2d2cc0de28c6266fc959832af8cde66

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\Defender.exe
                  Filesize

                  1.3MB

                  MD5

                  b4a28c2a991b061cc0633e0fa45e43c4

                  SHA1

                  21ca367f795bf789597c1cba8676cd81b66894d8

                  SHA256

                  ae47c41f25fc412b82e6d26c21f622ad6076119ffa25068d540c0b517765a075

                  SHA512

                  f8bbed4b850dd2674cd6bf725f26ec284b64c5c83e51867e3482c2defb7a7f14e5570d3f8c639561b0334e46508258e7a88a8abd010b6cf40dcf730fac67a47d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\Help.chm
                  Filesize

                  327KB

                  MD5

                  1e39c9c1ce3d1aa0075edf960e65b238

                  SHA1

                  181ac3dc1ddb845ab9e4e2d04214c8c29b2907e8

                  SHA256

                  c883adc0bba4ec932f657357e6d9e1dc44ce8c3687dca369199741d8fc110459

                  SHA512

                  5ea2fc6bd05be4b5e5a1442cf526af2227d51b4cd77c8af29d6e7fd8c3b6d627cb8b460974da6a89c6a181e0e5d1560b7eb067181dc99d59ce00e799cc6829f7

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\Service.exe
                  Filesize

                  130KB

                  MD5

                  9b9b73b2d6656a1679740d6d64018706

                  SHA1

                  af142fb019a06848070baf8b91239da4dec66260

                  SHA256

                  740e6c7027599448305e244d772ff6babdbe33d2d5bf8291f609e28b937bac54

                  SHA512

                  b52efd1dd0e80c144f5ca7cf874532bc8ed5d88d3158d6bf9d964ec5e7bb211e123c90446a08465a8ce6ca1767ca0b1807d20b27ac0b149fc65006e9b83056d7

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\Setup.exe
                  Filesize

                  869KB

                  MD5

                  2a7011b3451a089c3e8645374e16c695

                  SHA1

                  ab5057933bf2fb141bca458017717d0eee334d41

                  SHA256

                  4d31518b752e4da221433a5611631d80efdbe2e985fe4c8ae667c4e2c76b4e12

                  SHA512

                  07b977774d82695606f740bdeaff6a00734c636ece49062868f49d84feed5d4e766308d1a845fffce73908ed43fd62955521c723734b82dfc04d53f1f77ee544

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\ShellExt.dll
                  Filesize

                  413KB

                  MD5

                  b60b9851b20d2fbaea560de63637d3b6

                  SHA1

                  00de41406bdc874d8b5bc2c6ddda245a4aa5ef8c

                  SHA256

                  951428a6219b018ee3d6bb22487cef81d2cacd562ed232699386057139d9583f

                  SHA512

                  cd4d217294981bff54ca41bf9cb2ab6e94d24d4802874a441be98fa9df04e77659c18ac9da511300f6d30b6b750c84b7ca6cb7d56c4922d955c79a65b946c8e5

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\Uninstall.exe
                  Filesize

                  599KB

                  MD5

                  a363a11b6722015152dc29010ee6a2cb

                  SHA1

                  893ed1aea6faa47d00b877263ca72c407100b218

                  SHA256

                  f4efa917717cb7b3cb4a8ec0e357c85cc968271ce574f0bb082c17ac00ae7dfb

                  SHA512

                  0f11ecf0866bc6c7a4d7d57a2b2c4eac41d1bc3bfa80ac66a677ae3b27493f2de2c5906d4656790cb03c9feeffe0b07cbe5ec67f1dffdd5aea7f7a123c56566c

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\diskpt.sys
                  Filesize

                  453KB

                  MD5

                  3ae7155ec3b4ad2cd002c897f5985e60

                  SHA1

                  e70801b369b5c340479db710dddb0cd33aa187ff

                  SHA256

                  0d0766d4261f063ea4754d173a17394c1433acae94a65e007b52245e9ba157b0

                  SHA512

                  6b65d170ec42afd51379cce82cf80995ff6453799449b507798e4ab091f0dd6014f3aa939742172125b5488f7d43b813ff500f797a5cf4677079a1fe9c73f715

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\diskpt.win10.sys
                  Filesize

                  467KB

                  MD5

                  07f890920dda3100263f02193e900b77

                  SHA1

                  aa06412691699ba3f7000cf73689e3d491b9fb90

                  SHA256

                  6ffd78b5954064bba7370af51b2e4f1358424f542682218a1121a375f3903583

                  SHA512

                  c5776ca359408339ae87678fa1ddcc0274f53940f044ae324ff83fbbf8441bf564bd3f06fd6dcd2ebe164ad1925ea9f0e3eac88b35559f7615b9a04fb5790946

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\eula.rtf
                  Filesize

                  9KB

                  MD5

                  32d2f08dec5dcf692ca40ba2f829d0de

                  SHA1

                  981387d3192dff4bcdf5ec574f8e9cb84ddbcc7a

                  SHA256

                  22ba619951f7d5ca072fa7e5dd154c1aa6dcc76afc626783aa2ee4d1e488c731

                  SHA512

                  991db94244d72d1e66a26b019c2568e4d8a76e0bb4b4a90b9a0d8734924c8cc753b12a78092af9b248042049d61c55a5b43acff8abb624ef6b7dbf5f7916e118

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\7z8C909174\res.ini
                  Filesize

                  8KB

                  MD5

                  7ab51d79c94256ebc06b7155c02ac418

                  SHA1

                  f4730e56113e67011e87663151ac3827e3bb4eec

                  SHA256

                  9d7722929ea6f016983ebd50cbff744d0f57db2516edf5d4f461baa0f5d0f442

                  SHA512

                  0f66c8e690dae49363b5663e8f4ef730aa23a94eca10f4aa12c17d09fff434468d98df52dc335e41a5a48cdfe1a4d21a838c9e7e116aee22717003ce2c88b8f8

                  Download Submit

                • C:\Users\Admin\Desktop\sd\How to Install.txt
                  Filesize

                  1KB

                  MD5

                  ab89e83ecfb23cd2bbf4512d28b3c732

                  SHA1

                  7525bb5d9261cc101213a956dd029ba7038752ab

                  SHA256

                  74ff33614d875e01cf48ea3f5905aa6844be032ccff63d2db1be0c3ee355b4bc

                  SHA512

                  fc7fd78ee694e83b49a42db94c03a61dafb06b97f36697b3a7322f9e1aceff18d7c0a8333d2909252caa7fff7de4cdabef8c464b1392a06025e5e927c358d711

                  Download Submit

                • C:\Users\Admin\Desktop\sd\Setup.exe
                  Filesize

                  3.5MB

                  MD5

                  e9077833645033fd561e51b93c001a67

                  SHA1

                  bf760c2128a53a23764f9bf95a9b6ddc3398d0ba

                  SHA256

                  c724ff33c4877c92eeba24ba956cca9f6d8f6c7245b5500b528babd6a8cc5973

                  SHA512

                  a5f45af8ebddf8f76e3d26a68cc71fe79ed6b3b51e6b2cc782378769db278c2196d107974f68ee8d023ba610563809fd98651e7d9fc02098a9753da4d3c3c4f6

                  Download Submit

                • memory/376-186-0x00007FF6D2D70000-0x00007FF6D2E2A000-memory.dmp

                  Filesize

                  744KB

                  Download

                • memory/376-183-0x00007FF6D2D70000-0x00007FF6D2E2A000-memory.dmp

                  Filesize

                  744KB

                  Download

                • memory/532-138-0x0000000000400000-0x000000000048C000-memory.dmp

                  Filesize

                  560KB

                  Download

                • memory/532-140-0x0000000000400000-0x000000000048C000-memory.dmp

                  Filesize

                  560KB

                  Download

                • memory/536-176-0x00007FF7F24F0000-0x00007FF7F257D000-memory.dmp

                  Filesize

                  564KB

                  Download

                • memory/536-177-0x00007FF7F24F0000-0x00007FF7F257D000-memory.dmp

                  Filesize

                  564KB

                  Download

                • memory/732-181-0x00007FF7D59C0000-0x00007FF7D5A9B000-memory.dmp

                  Filesize

                  876KB

                  Download

                • memory/732-180-0x00007FF7D59C0000-0x00007FF7D5A9B000-memory.dmp

                  Filesize

                  876KB

                  Download

                • memory/988-79-0x0000000140000000-0x00000001400DF000-memory.dmp

                  Filesize

                  892KB

                  Download

                • memory/988-118-0x00007FFC4CE20000-0x00007FFC4CE88000-memory.dmp

                  Filesize

                  416KB

                  Download

                • memory/988-136-0x0000000140000000-0x00000001400DF000-memory.dmp

                  Filesize

                  892KB

                  Download

                • memory/1528-188-0x00007FF6B8910000-0x00007FF6B8A6D000-memory.dmp

                  Filesize

                  1.4MB

                  Download

                • memory/1528-189-0x00007FF6B8910000-0x00007FF6B8A6D000-memory.dmp

                  Filesize

                  1.4MB

                  Download

                • memory/2256-159-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-152-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-161-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-160-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-157-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-158-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-162-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-151-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-150-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2256-156-0x00000148048A0000-0x00000148048A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2772-170-0x0000000140000000-0x000000014009A000-memory.dmp

                  Filesize

                  616KB

                  Download

                • memory/2772-166-0x0000000140000000-0x000000014009A000-memory.dmp

                  Filesize

                  616KB

                  Download

                • memory/3504-173-0x0000000140000000-0x000000014009A000-memory.dmp

                  Filesize

                  616KB

                  Download

                • memory/3504-172-0x0000000140000000-0x000000014009A000-memory.dmp

                  Filesize

                  616KB

                  Download

                • memory/4748-149-0x00007FF6B8910000-0x00007FF6B8A6D000-memory.dmp

                  Filesize

                  1.4MB

                  Download

                • memory/4748-148-0x00007FF6B8910000-0x00007FF6B8A6D000-memory.dmp

                  Filesize

                  1.4MB

                  Download

                • memory/5096-144-0x00007FF6B8910000-0x00007FF6B8A6D000-memory.dmp

                  Filesize

                  1.4MB

                  Download

                • memory/5096-143-0x00007FF6B8910000-0x00007FF6B8A6D000-memory.dmp

                  Filesize

                  1.4MB

                  Download