Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2024 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    3.1MB

  • MD5

    74ba48529515c95320f4a86fc42fc668

  • SHA1

    c33b2b0c5e43e5ac274206ae964cf85bb8718048

  • SHA256

    766282cfd30bca193b9e0863f0a994fefb694eb65fd3762461c07c299a5722fa

  • SHA512

    16f09889b08eb9a4c2176ccfb590e31007c0c49336ba7aef6d54f16c6133c36945b3281ff7a4ff0099a0cae1eae12be2846ab24dbe1f977000953eb2868e85f8

  • SSDEEP

    98304:XmP6PUaaDfBgWBPTrdEdsgxYC2JyLce9ebFyZgk6TR:XcqZexyV6T

Score
10/10
amadeylummaremcosstealc9c9aa5dpdnowtalediscoveryevasionpersistenceratstealertrojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

remcos

Botnet

DPDNOW

C2

dpdnow.duckdns.org:8452

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    true

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-A34JIZ

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Extracted

Family

stealc

Botnet

tale

C2

http://185.215.113.206

Attributes
  • url_path

    /6c4adf523b719729.php

Extracted

Family

lumma

C2

https://founpiuer.store/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Remcos family
    remcos
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 16 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 7 IoCs
  • Identifies Wine through registry keys 2 TTPs 8 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 11 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Users\Admin\AppData\Local\Temp\1004494001\remcos_a.exe
        "C:\Users\Admin\AppData\Local\Temp\1004494001\remcos_a.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2680
        • C:\ProgramData\Remcos\remcos.exe
          "C:\ProgramData\Remcos\remcos.exe"
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Adds Run key to start application
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:772
      • C:\Users\Admin\AppData\Local\Temp\1004618001\972f9e29b9.exe
        "C:\Users\Admin\AppData\Local\Temp\1004618001\972f9e29b9.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2796
      • C:\Users\Admin\AppData\Local\Temp\1004619001\922221e590.exe
        "C:\Users\Admin\AppData\Local\Temp\1004619001\922221e590.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:1516
      • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
        "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:1604
      • C:\Users\Admin\AppData\Local\Temp\1004621001\9306b49149.exe
        "C:\Users\Admin\AppData\Local\Temp\1004621001\9306b49149.exe"
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Windows security modification
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Remcos\logs.dat
    Filesize

    144B

    MD5

    2fb17c20b7b79b206b059abf82348c42

    SHA1

    2995a96e56012b239be5cc9974fbad2ad16c9264

    SHA256

    c5b66d4ceceabd6adafd28cf7d40e3a23f7799d6ae80eac56b375f4c4c8b3555

    SHA512

    0d41695f35643941c59c02c37ccb7df15360dc925c4c61251acbc75c441368fd296e560ca4a04111816bd12dc29c678af196bd37baca30b284fa41ec85ceb59e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1004494001\remcos_a.exe
    Filesize

    1.9MB

    MD5

    b85c47881ba0eb0b556b83827f8e75c8

    SHA1

    dccdf0daee468f9e9bed3edf928f0839d26b47cb

    SHA256

    9d577624acca69f5b4097a6882e934b026a344757cf5cf31f3341e643ed2ba20

    SHA512

    ca158aff36e4eeff5d1c263a79972dfa0aa7584132f12a3d301a5cc5c47b57309fe71b4837c7b8caa5022cb18529b565d6a0849acdabd1af939b76b48284a605

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1004618001\972f9e29b9.exe
    Filesize

    3.0MB

    MD5

    a8f20ad3d41973d7375370b0b7e0f206

    SHA1

    1e7775500a8838eb99511557a0a6b91001711e77

    SHA256

    945c4e520925902102b0b7435d34ae82952150535847dbb9bae31e319c62ac00

    SHA512

    74915dbf9abb08f258c5f64ec12b19bbbafb0a09a6f01b322cbb3594f9ce3469b352b6279e0b2dcb817ac5a2fc0635c0dd860bd649138326f164ea6193951891

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1004619001\922221e590.exe
    Filesize

    2.0MB

    MD5

    5f44f2bb693c50d1141aa214dac22796

    SHA1

    aa3408aaf55c7fc92b90cdbb08075c2b59a7a6dc

    SHA256

    184b2aee425e019ac00a1000a882e5d01e4175e90d84ca0e473db487d43add7d

    SHA512

    4ea0f394a1ec64d7c97b726d7df92519ac87d053e3c1030b0bd8a3fd9b41beed1f48008f85b02b5de2f505e2283888e142dfb8dd3499440b3c00e28da9f23d4e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1004621001\9306b49149.exe
    Filesize

    2.6MB

    MD5

    434a153614e722708bfa0d9cc51a5437

    SHA1

    49714a7748b4b61e1a4b13ff87c54d377b9aff78

    SHA256

    5a9bd3b8c8d79747adb97806805db047ecc41b5054835a7cc61aba42d5559b3c

    SHA512

    19d049cb6d3e6d2e94b004dc83be84fa2473b2fc640dd38d0c69e4de469754808c365392b8652716df578a6ed806a769e34257fb369077be69434ba9734de8ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
    Filesize

    3.1MB

    MD5

    74ba48529515c95320f4a86fc42fc668

    SHA1

    c33b2b0c5e43e5ac274206ae964cf85bb8718048

    SHA256

    766282cfd30bca193b9e0863f0a994fefb694eb65fd3762461c07c299a5722fa

    SHA512

    16f09889b08eb9a4c2176ccfb590e31007c0c49336ba7aef6d54f16c6133c36945b3281ff7a4ff0099a0cae1eae12be2846ab24dbe1f977000953eb2868e85f8

    Download Submit

  • memory/772-123-0x0000000000400000-0x00000000008BF000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/772-102-0x0000000000400000-0x00000000008BF000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/772-61-0x0000000000400000-0x00000000008BF000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/1516-107-0x0000000000800000-0x0000000000F1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1516-106-0x0000000000800000-0x0000000000F1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-152-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-155-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-143-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-141-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-139-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-138-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-129-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-164-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-158-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-159-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-160-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-161-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-163-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-162-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-145-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-146-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-148-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-149-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-151-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-153-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-154-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-156-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-157-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-142-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-150-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-147-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-144-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-140-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-135-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-133-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-128-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1604-114-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-116-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-118-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-120-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-134-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-137-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-124-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-126-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1604-132-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1604-131-0x0000000000400000-0x0000000000B1F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/2040-203-0x0000000000BE0000-0x0000000000E8A000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2040-206-0x0000000000BE0000-0x0000000000E8A000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2040-207-0x0000000000BE0000-0x0000000000E8A000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2040-213-0x0000000000BE0000-0x0000000000E8A000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2040-217-0x0000000000BE0000-0x0000000000E8A000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2408-5-0x0000000001090000-0x00000000013AC000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2408-19-0x0000000006C60000-0x0000000006F7C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2408-3-0x0000000001090000-0x00000000013AC000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2408-1-0x0000000077AC0000-0x0000000077AC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2408-4-0x0000000001090000-0x00000000013AC000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2408-2-0x0000000001091000-0x00000000010F9000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2408-0-0x0000000001090000-0x00000000013AC000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2408-16-0x0000000001091000-0x00000000010F9000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2408-15-0x0000000001090000-0x00000000013AC000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2680-59-0x0000000000400000-0x00000000008BF000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2680-45-0x0000000000400000-0x00000000008BF000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2680-85-0x00000000050D0000-0x000000000558F000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2680-58-0x00000000050D0000-0x000000000558F000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2796-84-0x0000000001050000-0x000000000135E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2796-81-0x0000000001050000-0x000000000135E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-77-0x0000000006650000-0x000000000695E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-46-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-80-0x0000000006650000-0x0000000006B0F000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3056-78-0x0000000006650000-0x000000000695E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-21-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-112-0x0000000006650000-0x000000000695E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-18-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-52-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-83-0x0000000006650000-0x0000000006B0F000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3056-43-0x0000000006650000-0x0000000006B0F000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3056-104-0x0000000006650000-0x0000000006D6F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/3056-103-0x0000000006650000-0x0000000006D6F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/3056-44-0x0000000006650000-0x0000000006B0F000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/3056-122-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-204-0x0000000006650000-0x0000000006D6F000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/3056-41-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-202-0x0000000006050000-0x00000000062FA000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3056-20-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-25-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-208-0x0000000006050000-0x000000000636C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-212-0x0000000006050000-0x00000000062FA000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3056-24-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-113-0x0000000006050000-0x000000000636C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3056-22-0x0000000000E60000-0x000000000117C000-memory.dmp

    Filesize

    3.1MB

    Download