Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    299s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/09/2024, 05:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05c67a9765fe1ebebcedaee376f87a803d7cd37e6c5c19f7d336c2f14a4ef207.exe

  • Size

    403KB

  • MD5

    f73186df5a030cf7f186b0737c3af1f7

  • SHA1

    d15e45feefbbc010db92ae897d80bc7419c0d046

  • SHA256

    05c67a9765fe1ebebcedaee376f87a803d7cd37e6c5c19f7d336c2f14a4ef207

  • SHA512

    a6e4d6e34748fa8fb9153e2104cf49cc36af9b22e29c8df050de0db4e14e9dd18ed178b4bbacd6289a0a55b465c996fb931799ba970dfe559c85215db7e31df1

  • SSDEEP

    12288:WFVCXJfc+aP2LQB0g7YUsKEJGxhimXJEO:MCX2d+LQqbKEJQim5t

Score
10/10
lummastealcvidara669a86f8433a1e88901711c0f772c97defaulte90840a846d017e7b095f7543cdf2d15credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

11

Botnet

e90840a846d017e7b095f7543cdf2d15

C2

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

lumma

Extracted

Family

vidar

Version

11

Botnet

a669a86f8433a1e88901711c0f772c97

C2

https://t.me/jamsemlg

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes
  • url_path

    /c4754d4f680ead72.php

Extracted

Family

lumma

C2

https://possiwreeste.site/api

https://underlinemdsj.site/api

https://chaptermusu.store/api

Signatures

  • Detect Vidar Stealer 20 IoCs
    stealer
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Downloads MZ/PE file
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 6 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05c67a9765fe1ebebcedaee376f87a803d7cd37e6c5c19f7d336c2f14a4ef207.exe
    "C:\Users\Admin\AppData\Local\Temp\05c67a9765fe1ebebcedaee376f87a803d7cd37e6c5c19f7d336c2f14a4ef207.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\ProgramData\GHCAAAAKJJ.exe
        "C:\ProgramData\GHCAAAAKJJ.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2696
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2160
      • C:\ProgramData\JKEHIIJJEC.exe
        "C:\ProgramData\JKEHIIJJEC.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3128
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          4⤵
            PID:1600
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
            • System Location Discovery: System Language Discovery
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            PID:3748
        • C:\ProgramData\AFHDAEGHDG.exe
          "C:\ProgramData\AFHDAEGHDG.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4576
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
              PID:2676
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              4⤵
                PID:3400
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                4⤵
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                • Checks processor information in registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:880
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminEGHCAKKEGC.exe"
                  5⤵
                  • System Location Discovery: System Language Discovery
                  PID:4584
                  • C:\Users\AdminEGHCAKKEGC.exe
                    "C:\Users\AdminEGHCAKKEGC.exe"
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetThreadContext
                    • System Location Discovery: System Language Discovery
                    PID:4852
                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                      7⤵
                      • System Location Discovery: System Language Discovery
                      • Checks processor information in registry
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2936
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminHDGIEBGHDA.exe"
                  5⤵
                  • System Location Discovery: System Language Discovery
                  PID:3124
                  • C:\Users\AdminHDGIEBGHDA.exe
                    "C:\Users\AdminHDGIEBGHDA.exe"
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetThreadContext
                    • System Location Discovery: System Language Discovery
                    PID:216
                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                      7⤵
                        PID:3920
                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                        7⤵
                        • System Location Discovery: System Language Discovery
                        PID:2228
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\DHDAKFCGIJKJ" & exit
                3⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:528
                • C:\Windows\SysWOW64\timeout.exe
                  timeout /t 10
                  4⤵
                  • System Location Discovery: System Language Discovery
                  • Delays execution with timeout.exe
                  PID:796

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\AFHDAEGHDG.exe
            Filesize

            326KB

            MD5

            2832fbde1cf7ea83bd6fd6a4a5e8fe15

            SHA1

            1ced7a749d257091e0c3b75605fd3bc005e531de

            SHA256

            2b8bcd9d7d072feb114e0436dc10aa80fda52cdd46a4948ea1ae984f74898375

            SHA512

            c69f1197a0c74d057ab569d35c9af675fc465ce6abcc6c8fc32b316d3586871a426d7ab904c43827be7413748f0f45f7f3689076ca031fd858a4a8abf78b9299

            Download Submit

          • C:\ProgramData\DHDAKFCGIJKJKFHIDHII
            Filesize

            6KB

            MD5

            e7bc33ae9da0ea4324035ca604485197

            SHA1

            4a19e5339649d18ce39a6792f3b433b75e18c3c3

            SHA256

            fa4f4ee3cfe70c6df004db1cde6f5ed2356ceb0ff879e182b36346795c93c0f4

            SHA512

            be878bb3b62659e7ee431dfd0d8a120394174c1dcf184f17bee1525227bcf48e9992648119627bcab3caf589d015a534cc44ddeb6f0319d0c9e83a6bc6e737db

            Download Submit

          • C:\ProgramData\EBAAFCAF
            Filesize

            92KB

            MD5

            f1f1e52e12157f58250690a14935123a

            SHA1

            025aa05e57a95271b542e7f968750fe0b7152775

            SHA256

            158a58c6f84871d2d0ad01de5e4b54f308bea3669a5e8e5bb4ad5b0824a9f72e

            SHA512

            8f3b4841ce6aea0d3a0e93b420b5985be47c609f4e477e432c626b2146c8b97854ed115b3c4fa2495033a103cb51f0d9cce85b14acb0a1de2227bbbb2305fab5

            Download Submit

          • C:\ProgramData\GHCAAAAKJJ.exe
            Filesize

            371KB

            MD5

            32c2e31313c3df4a7a36c72503a5beba

            SHA1

            1c88051112dab0e306cadd9ee5d65f8dc229f079

            SHA256

            f1fa2872fcd33c6dbce8d974c0c0381c0762d46a53ceaca14a29727ad02baef3

            SHA512

            ee04d786e53f7fa203dbc4f8c018c72a907dabbd2d1c57e219b2ccc2dbd9d79a4ee8580b98f9b5c5024e628c0207cdd2bf93b9468e457f4ee00326c7c689f1ae

            Download Submit

          • C:\ProgramData\HDGIEBGHDAEB\FIJDGI
            Filesize

            46KB

            MD5

            02d2c46697e3714e49f46b680b9a6b83

            SHA1

            84f98b56d49f01e9b6b76a4e21accf64fd319140

            SHA256

            522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

            SHA512

            60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

            Download Submit

          • C:\ProgramData\HDGIEBGHDAEB\IEBFIE
            Filesize

            20KB

            MD5

            c9ff7748d8fcef4cf84a5501e996a641

            SHA1

            02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

            SHA256

            4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

            SHA512

            d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

            Download Submit

          • C:\ProgramData\JKEHIIJJEC.exe
            Filesize

            404KB

            MD5

            38dabc7063c0a175a12c30bd44cf3dbc

            SHA1

            6d7aabebd8a417168e220c7497f4bc38c314da3b

            SHA256

            de664956d799e59e1cca0788d545922ee420e3afdcf277442f148f52bc78df89

            SHA512

            674760ad37cf7886ca4cd786e4d1966d3827fdad008a85a125e18bd474d073dae8d4296427253bb86e78d3173a300611ee5eb2e01c1f968700679350fc17a24d

            Download Submit

          • C:\ProgramData\KFBGCAKFHCFH\DHCBAE
            Filesize

            148KB

            MD5

            90a1d4b55edf36fa8b4cc6974ed7d4c4

            SHA1

            aba1b8d0e05421e7df5982899f626211c3c4b5c1

            SHA256

            7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

            SHA512

            ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

            Download Submit

          • C:\ProgramData\freebl3.dll
            Filesize

            206KB

            MD5

            c53c51ddbeebc00629b7a83851d40e5a

            SHA1

            5cb65a1fd049867976965e6b867c1aaddac661cf

            SHA256

            7bf45f0df8dda29207572024a25ac9fa1896ed601a69ae9523fb175066899139

            SHA512

            0c0dec2a700e5738710eea651fce5fa3f163df996ee38373cde043744e9630d00faf5dafa7d5bd1d7716da83e977644b9ddb78be16af8b38f34eaf8de218754b

            Download Submit

          • C:\ProgramData\mozglue.dll
            Filesize

            19KB

            MD5

            5db85b8037d7853a06ffbe38fc958053

            SHA1

            78d4ff7d0133d8612c8de22a1cb47ae5826cff23

            SHA256

            7c6a099be3ed13e96041aff3f2360a13f0d8e2911a4a64f8224c311194aa25f9

            SHA512

            00acd86640798c5d531dba45c31f03e1dc561d0542290ed15323e8bdb341d979d76278ee14cec2bd4a54efa4cc76fbe20e413296542cafbac90c22741d9dac10

            Download Submit

          • C:\ProgramData\vcruntime140.dll
            Filesize

            7KB

            MD5

            067e92142839b3e7aa3f359b79425a8e

            SHA1

            21669aa81410cd5a23f136d1393a97109cd7dc1b

            SHA256

            e505a09d4323b52a2c568020387748e45d12a0b2b0d320ca9a619e8afad4469b

            SHA512

            e4c283e736d7d1682ee383d5afd1ec4740a33541e2205177c077602e0b73f8d37558d5a14c033f459130dc47319c13829c86d6339bdfa39fb2940c7c32ca6806

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AdminEGHCAKKEGC.exe.log
            Filesize

            425B

            MD5

            605f809fab8c19729d39d075f7ffdb53

            SHA1

            c546f877c9bd53563174a90312a8337fdfc5fdd9

            SHA256

            6904d540649e76c55f99530b81be17e099184bb4cad415aa9b9b39cc3677f556

            SHA512

            82cc12c3186ae23884b8d5c104638c8206272c4389ade56b926dfc1d437b03888159b3c790b188b54d277a262e731927e703e680ea642e1417faee27443fd5b3

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BLQDLNEB\sql[1].dll
            Filesize

            2.3MB

            MD5

            90e744829865d57082a7f452edc90de5

            SHA1

            833b178775f39675fa4e55eab1032353514e1052

            SHA256

            036a57102385d7f0d7b2deacf932c1c372ae30d924365b7a88f8a26657dd7550

            SHA512

            0a2d112ff7cb806a74f5ec17fe097d28107bb497d6ed5ad28ea47e6795434ba903cdb49aaf97a9a99c08cd0411f1969cad93031246dc107c26606a898e570323

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PE80L8TA.cookie
            Filesize

            104B

            MD5

            6d9bdc1882b96a08474499d7dcefe09c

            SHA1

            2b32bbb586abe758cdae7ff646f5679136a3e4d3

            SHA256

            8b85dcadf111c61e8ea8fe33e7bd07dbe67eceb6c620aecc54fe2fd3fc7eeea7

            SHA512

            0e085f729da8c73865bc319bce03a4336adff7c5d77b6a74818ee245788fa6ccd971846b9a1c75a7bd52d5d6d4f297ca9d93747af24f44eeb98f46851ae7a663

            Download Submit

          • \ProgramData\mozglue.dll
            Filesize

            593KB

            MD5

            c8fd9be83bc728cc04beffafc2907fe9

            SHA1

            95ab9f701e0024cedfbd312bcfe4e726744c4f2e

            SHA256

            ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

            SHA512

            fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

            Download Submit

          • \ProgramData\nss3.dll
            Filesize

            2.0MB

            MD5

            1cc453cdf74f31e4d913ff9c10acdde2

            SHA1

            6e85eae544d6e965f15fa5c39700fa7202f3aafe

            SHA256

            ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

            SHA512

            dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

            Download Submit

          • memory/880-116-0x0000000061E00000-0x0000000061EF3000-memory.dmp

            Filesize

            972KB

            Download

          • memory/880-115-0x0000000000400000-0x0000000000661000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/880-113-0x0000000000400000-0x0000000000661000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/2160-80-0x0000000000400000-0x0000000000463000-memory.dmp

            Filesize

            396KB

            Download

          • memory/2160-86-0x0000000000400000-0x0000000000463000-memory.dmp

            Filesize

            396KB

            Download

          • memory/2160-83-0x0000000000400000-0x0000000000463000-memory.dmp

            Filesize

            396KB

            Download

          • memory/2228-206-0x0000000000400000-0x0000000000463000-memory.dmp

            Filesize

            396KB

            Download

          • memory/2696-77-0x00000000724EE000-0x00000000724EF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2696-78-0x0000000000AA0000-0x0000000000B00000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2696-87-0x00000000724E0000-0x0000000072BCE000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2696-85-0x00000000724E0000-0x0000000072BCE000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2912-34-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-6-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-59-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-3-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-68-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-69-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-8-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-61-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-33-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-22-0x0000000020400000-0x000000002065F000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/2912-21-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2912-20-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2924-11-0x0000000073D20000-0x000000007440E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2924-60-0x0000000073D20000-0x000000007440E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2924-0-0x0000000073D2E000-0x0000000073D2F000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2924-1-0x0000000000590000-0x00000000005F8000-memory.dmp

            Filesize

            416KB

            Download

          • memory/2936-228-0x000000001FA30000-0x000000001FC8F000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/2936-226-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/2936-225-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/3128-95-0x0000000000500000-0x000000000056A000-memory.dmp

            Filesize

            424KB

            Download

          • memory/3748-97-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/3748-222-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/3748-223-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/3748-208-0x000000001FB90000-0x000000001FDEF000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/3748-186-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/3748-179-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/3748-101-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/3748-99-0x0000000000400000-0x0000000000676000-memory.dmp

            Filesize

            2.5MB

            Download

          • memory/4576-111-0x0000000000AF0000-0x0000000000B46000-memory.dmp

            Filesize

            344KB

            Download