Analysis

  • max time kernel
    92s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/09/2024, 13:02

General

  • Target

    $PLUGINSDIR/Download_Energy.exe

  • Size

    5.1MB

  • MD5

    96a9c13cdb1c931c8d232dddf929a6ac

  • SHA1

    7f29702918924cd1b9bd943fa0eaafecaeab4c75

  • SHA256

    468eca855754732e658ac1d2ac677a9105f5c62580989f53295e6827232dfc68

  • SHA512

    97dba7c1dd0f8a2bcd3afe92730f20d0171126e1ae0cd1f2218cbb91d0caae298b90bf7950733ff8c7a42daa8b5a747d7c9e00045a0ff73697b2a7bf66c11dd3

  • SSDEEP

    98304:MHopKHIn2zDWnuL0uKVFWM1fYPSM03CNl4rDWd4u3czc1exjMtbQt:UCyDWuL0uKPWYfxn3CNk4eitG

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 37 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 7 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 22 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Download_Energy.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Download_Energy.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3440
    • C:\Users\Admin\AppData\Local\Temp\GLB980A.tmp
      C:\Users\Admin\AppData\Local\Temp\GLB980A.tmp 4736 C:\Users\Admin\AppData\Local\Temp\$PLUGI~1\DOWNLO~1.EXE
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3972
      • C:\Users\Admin\AppData\Local\Temp\CT1269~1\STUBWR~1.EXE
        "C:\Users\Admin\AppData\Local\Temp\CT1269~1\STUBWR~1.EXE" -parameters=C:\Users\Admin\AppData\Local\Temp\CT1269415\parameters.csf
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4672
        • C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe
          C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe -StartPage=TRUE -DefaultSearch=TRUE -SearchFromAddress=TRUE -InstallId=CT1269415_download_energy.exe -OpenUninstallPage=TRUE -Fix404=TRUE -EnableAlerts=TRUE -openwelcomedialog=FALSE -ctid=CT1269415 -ie=C:\Users\Admin\AppData\Local\Temp\CT1269415\CT1269415_ie.exe -ff=C:\Users\Admin\AppData\Local\Temp\CT1269415\CT1269415_ff.exe -ch=C:\Users\Admin\AppData\Local\Temp\CT1269415\CT1269415_ch.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1852
          • \??\c:\users\admin\appdata\local\temp\ct1269415\ct1269415_ie.exe
            "c:\users\admin\appdata\local\temp\ct1269415\ct1269415_ie.exe" /s -silent -startpage=true -defaultsearch=true -showwelcomepage=false -openwelcomedialog=false -showpersonalcompdialog=false -fix404=true -searchfromaddress=true -searchfromadress=true -openuninstallpage=true -defaultsearchdisplayname= -defaultsearchurl= -enablealerts=true -installtype=ConduitNSISIntegration -installid=ct1269415_download_energy.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Installs/modifies Browser Helper Object
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Modifies Internet Explorer start page
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:60
            • C:\Windows\SysWOW64\rundll32.exe
              rundll32 "C:\Program Files (x86)\Download_Energy\tbDown.dll" DllSendInstallationUsage New Installation
              6⤵
              • Blocklisted process makes network request
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:4348
            • C:\Windows\SysWOW64\rundll32.exe
              rundll32 "C:\Program Files (x86)\Download_Energy\tbDown.dll" DllVerifyEnableExtension
              6⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:1068
          • \??\c:\users\admin\appdata\local\temp\ct1269415\ct1269415_ff.exe
            "c:\users\admin\appdata\local\temp\ct1269415\ct1269415_ff.exe" /s -silent -startpage=true -defaultsearch=true -showwelcomepage=false -openwelcomedialog=false -showpersonalcompdialog=false -fix404=true -searchfromaddress=true -searchfromadress=true -openuninstallpage=true -defaultsearchdisplayname= -defaultsearchurl= -enablealerts=true -installtype=ConduitNSISIntegration -installid=ct1269415_download_energy.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2904
          • \??\c:\users\admin\appdata\local\temp\ct1269415\ct1269415_ch.exe
            "c:\users\admin\appdata\local\temp\ct1269415\ct1269415_ch.exe" /s -silent -startpage=true -defaultsearch=true -showwelcomepage=false -openwelcomedialog=false -showpersonalcompdialog=false -fix404=true -searchfromaddress=true -searchfromadress=true -openuninstallpage=true -defaultsearchdisplayname= -defaultsearchurl= -enablealerts=true -installtype=ConduitNSISIntegration -installid=ct1269415_download_energy.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            PID:736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll

    Filesize

    623KB

    MD5

    6796f6e449f90a543dc3345538acc46f

    SHA1

    97bccd25561f44e9b13f05f6eef083c9ce9ba529

    SHA256

    f22e58cdfe94d4a5fbbf2795a743b167ed9923e289e14654631e0077dd306c1d

    SHA512

    f4402027bf1d40f550aab809b17f3bb8543ae76694d1a0ca429c6e1a0e2eacd835b81c4d8f13debed5c80e51c4214991ec8dba8f3a5731b8e5c8ff88e047685a

  • C:\Program Files (x86)\Download_Energy\prxtbDown.dll

    Filesize

    172KB

    MD5

    4c163bd2a5905d18893ee311608e8c54

    SHA1

    a2d929a9864513c0e8ed84aad622ef6adcc9b950

    SHA256

    4553d99f1f146e2359ceb60987d904bafd24843b71d3e95c358776f3a1d5c6f1

    SHA512

    e1c7b44dc683f58c7c7b66b2448ed19c4e846b35f4018592c2d87191f3d8a2e4649ec3c92aa2f444b249f8ac27e5f2e7fe1cefbedd5d12721d21335a1c55afb1

  • C:\Program Files (x86)\Download_Energy\toolbar.cfg

    Filesize

    27B

    MD5

    e9554810d9fb5a0452acc4b13f4f3048

    SHA1

    8b71243ecae23e3884cd0265982e5cfe5464c48a

    SHA256

    92dcbbc5d0ac2f28103c8f33be2d9e898686e417666ae142518fd52c8b5c1442

    SHA512

    6cd5142906f5f98e261d7b49799e20b80b9a5503458a78d234d38c25bd977a6e7c53ee114b898f71a99efd49e4fe5d03871a11077060ca7cddeffe7a1c810cb7

  • C:\Users\Admin\AppData\LocalLow\Download_Energy\ldrtbDown.dll

    Filesize

    257KB

    MD5

    76b3946090c94bb38dbbca54ac8ff9f7

    SHA1

    1e00782fec3ca539ae30f866502633ff550356c6

    SHA256

    d3f942951b10476d7f16124295bbacd6da61f63edee8d136260715cc4d929e99

    SHA512

    7c5e1231e6a0174f6c0c88c12bccdef673fd81001f746b7b4e543e73b078312b2fa808bda1616e93f98d44df99ee0d31a9bef2a7adcda783d6b21db7c897e793

  • C:\Users\Admin\AppData\Local\Temp\CT1269415\CT1269415_ch.exe

    Filesize

    1.5MB

    MD5

    233c83de3843c900e8f356e2e362ec3c

    SHA1

    cd5b9450f792eaf2422bc79061959f8546051761

    SHA256

    89167ecf8ba5dbdea7c3acc0c4c8267cfc3bd761eeb86e2073660d99b9480759

    SHA512

    92ac03f9df96ae1ed97f4e890b7c75cbe3d4b031f72f27b9ccf1b27e06aacf5fe805dcc208a2650ade29200f244167b4889fd2f4eca7c7956701f22502c29c09

  • C:\Users\Admin\AppData\Local\Temp\CT1269415\CT1269415_ff.exe

    Filesize

    1.3MB

    MD5

    c508904e6d99b7a322a9d7c7435dc5f3

    SHA1

    2fc113e92804e4d27475e23e74f54d8c1994fd3b

    SHA256

    e5c1eab74fa5425abb72c52aa41f7572d4d161edb79504a8779758f61ffca3b4

    SHA512

    cd73ebaf24c982ed423454e509b58205207f48da76d5a6e7cff3b22e648f72a04495a1f84dc0bd9852b3db8652ce57d2043460b3cec051f86d2cfa77e564afeb

  • C:\Users\Admin\AppData\Local\Temp\CT1269~1\STUBWR~1.EXE

    Filesize

    237KB

    MD5

    6c729a49e8776ba7b52503bb736de1b5

    SHA1

    3a26fbd2fbe2564e2a69f3a64c39940c3ea69920

    SHA256

    b4a1c56c5936f81ceecd8ea31cd3aa56c9c8de954a8601d970ff8be2ef736fdb

    SHA512

    cd9370b88f710fe552d640bb9330f3401864b293a57cb309bdde3afa8c1244858c86267c9d2a23da7f8b9f5a00adc5dbffa15f63cc79ace84d35e267a6c15d31

  • C:\Users\Admin\AppData\Local\Temp\GLB980A.tmp

    Filesize

    70KB

    MD5

    12457304fe66ac4b06e940451a476d0f

    SHA1

    5d2b4dead64e175c7f8a66d9a3e0f4f1c0796e9c

    SHA256

    6fd48e58a9904869fc4edc94817ce771d3aee46f5e4558bab99c432afd1dc8ce

    SHA512

    cb947b259d42704252c61658d75998c651272855878552831a20d79e6f4838b2f0d78af14b03e7f575638fa7e38259d87fb01d23856d020b5fbdb134e7a54be1

  • C:\Users\Admin\AppData\Local\Temp\GLC98C5.tmp

    Filesize

    161KB

    MD5

    8c97d8bb1470c6498e47b12c5a03ce39

    SHA1

    15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

    SHA256

    a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

    SHA512

    7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

  • C:\Users\Admin\AppData\Local\Temp\GLK98E5.tmp

    Filesize

    33KB

    MD5

    517419cae37f6c78c80f9b7d0fbb8661

    SHA1

    a9e419f3d9ef589522556e0920c84fe37a548873

    SHA256

    bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11

    SHA512

    5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40

  • C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe

    Filesize

    199KB

    MD5

    77b50711b04aa0bf26f9977434db315d

    SHA1

    5110b3a2ade2494e1e2f58785c78ba3c6a7ee6b1

    SHA256

    b268697abaa33a5e61532a99ee208861900d40b0ade549e45de228a5bb637d64

    SHA512

    a276ac5e4c7f360ca1d0e56e56a95e3a06c6c423436e98ba1c2d40e7d11230c8ebb32744f5620df7f85d73780c342aeedcd91540381faaa16eeb31c48caa5f76

  • C:\Users\Admin\AppData\Local\Temp\nsdA8B4.tmp\ZipDLL.dll

    Filesize

    163KB

    MD5

    2dc35ddcabcb2b24919b9afae4ec3091

    SHA1

    9eeed33c3abc656353a7ebd1c66af38cccadd939

    SHA256

    6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

    SHA512

    0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

  • C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp

    Filesize

    348B

    MD5

    6e7b34e4caf29351bec697bb88cd8250

    SHA1

    d8c440bba344da13b944b7e896cafc9879d33c8c

    SHA256

    92310f7d8da063154260648db3997488f250583ff45856302cb717e1c63cfb92

    SHA512

    b28d65b149d8f284a8a772d1e4b8c4a75bdc123f587675600ec5fd6872c2323839fee37643a8b5528f17490ed8bb87e9af60a1ac6731bdadd10a05ba482ad781

  • C:\Users\Admin\AppData\Local\Temp\nsgA21D.tmp\System.dll

    Filesize

    11KB

    MD5

    a82b0479708b96c7bf4dd6b798aedee0

    SHA1

    7e47b402848a86bdddd5f0de8bb4620471caaab0

    SHA256

    72410442a894b8316da6ad469f03997ec17c0b0d117745bb6ac5cac3232c7d20

    SHA512

    02e07def3897d87d546c0cf1492191591be587f64ae5c165b9a91fb977585c65a860135eb8c102b67dede913ea935459ce70c4ca973b292122c8d097ab130d58

  • C:\Users\Admin\AppData\Local\Temp\nslA23D.tmp.tbDown.dll

    Filesize

    4.2MB

    MD5

    2d2894581d355d5f44eae38898a66846

    SHA1

    3e30150d840ac9a0c0a7969d2ffd45118be827d6

    SHA256

    4d96ac3f164e9262eb622d442778fe1d8c2d3719478f8e299e49cad1f8705262

    SHA512

    6cb7754548e93a51897fa5af5ed6364f61aac535b0ff394e90942d50e522d5b4b6c8c88e7a07f89311e53e227fe4d909952da76221f1d00449d83521dc659356

  • C:\Users\Admin\AppData\Local\Temp\nsqA0D5.tmp\ConduitInetc.dll

    Filesize

    471KB

    MD5

    70e3b20d184751b642b06c5a7855c455

    SHA1

    89b00dc942e9c4965765acdb08b3e4a392f2af66

    SHA256

    92e693d3d8be731a66a314e5f15cfad1f4e656f3fee3d32e9e9a736b80be46c1

    SHA512

    48318557e3eb67379b8a8732457ef07864d4dd7a711f22834f883aaa66dbdab01b490a8928c831690e9aadc1514dfb559731142d7c10afd3e75550ab303a0dd3

  • C:\Users\Admin\AppData\Local\Temp\nsqA0D5.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • C:\Users\Admin\AppData\Local\Temp\nsuAB35.tmp\Processes.dll

    Filesize

    58KB

    MD5

    7a69b2f909c684b261c5e295e95351c6

    SHA1

    05df8e4e072bd877e5a641608ee35f2cdcf544fb

    SHA256

    59a81b8119a2e2bc2dcc22d8dbf87b20d6fe8c734930bf86d326cd2708f99358

    SHA512

    aaccf1bd2254a65c7f8f300fe60b028b95f921d03e6507154d56ad2161dfdda8cd7716d00cff7c4512040bca8610ab7a0684cefec4eb729b98874aa35b5c5a97

  • C:\Users\Admin\AppData\Local\Temp\nsvA058.tmp\nsExec.dll

    Filesize

    6KB

    MD5

    acc2b699edfea5bf5aae45aba3a41e96

    SHA1

    d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    SHA256

    168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    SHA512

    e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v6rlcu3a.Admin\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\install.rdf

    Filesize

    1KB

    MD5

    31d95789cce0b8b5dd72ac3bfd6de723

    SHA1

    8ba85068dfdc0b009ae55d48f447d9db1c00321b

    SHA256

    d26573e75f1366ba9a3e1f0fb035c365515e8224330276b534ebcbef10e93cda

    SHA512

    29e7bed2f95ebc73d5d7804e117eaf951a820acb7521d5257b07f49f3c97c57b8f4f1614d2578ddb2cad37bf13e3f7794b800fb8b37df982bc33645339e74278

  • \??\c:\users\admin\appdata\local\temp\ct1269415\ct1269415_ie.exe

    Filesize

    2.0MB

    MD5

    a87c9807ff5c490a21beeb3e44391c99

    SHA1

    eb5fd8587716b0b20e72217bbdbc3920a278451b

    SHA256

    102c0721d2f518abb62c671504a8a163034060a8217c70a4025afece7116e46f

    SHA512

    692656f37f7e1fc919d7847b6bbd11fb36d6a3b37c77f552afa838ac643a27f7063a57d14c4f5a7682b0c8e8f9f0c4b5ef62a6a2c871a77be1e52ce4369f2802

  • \??\c:\users\admin\appdata\local\temp\ct1269415\parameters.csf

    Filesize

    417B

    MD5

    099b0d94cd16eff2e794767096dfb000

    SHA1

    e4d2f84884f17b2d3a57016343f6d82ac8643e77

    SHA256

    ad8d3bab709ea2d8166ebfb0b67b53370d21f8d5414ac5b33c607dbdfab46149

    SHA512

    ed0443d2118c3b62a3218946506a04e1cc3663a0aab60afb5ff0bc5cf88452fb0387f4253bc26811a5e715841d4686899fee42d5cab250b20950efa0257198b3

  • memory/60-250-0x00000000039E0000-0x0000000003A23000-memory.dmp

    Filesize

    268KB

  • memory/60-231-0x0000000003810000-0x000000000383F000-memory.dmp

    Filesize

    188KB

  • memory/60-277-0x00000000032E0000-0x0000000003381000-memory.dmp

    Filesize

    644KB

  • memory/60-267-0x0000000003B80000-0x0000000003FB8000-memory.dmp

    Filesize

    4.2MB

  • memory/60-257-0x0000000003BB0000-0x0000000003FE8000-memory.dmp

    Filesize

    4.2MB

  • memory/60-210-0x00000000032E0000-0x0000000003718000-memory.dmp

    Filesize

    4.2MB

  • memory/736-492-0x0000000002710000-0x000000000273D000-memory.dmp

    Filesize

    180KB

  • memory/736-521-0x0000000002710000-0x0000000002723000-memory.dmp

    Filesize

    76KB

  • memory/1852-178-0x00000000027B0000-0x000000000282C000-memory.dmp

    Filesize

    496KB