Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3439eaffe1...81.exe

windows7-x64

10

3439eaffe1...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/12/2024, 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3439eaffe1dfd634b46a29ee7f0e938b5b05f9c784123a70b94f9f46aa370381.exe

  • Size

    733KB

  • MD5

    c27bf6db51f64901ba56cf64003cabd2

  • SHA1

    005e61ccfa9a0840d788bcff2a95cff7ec88d6db

  • SHA256

    3439eaffe1dfd634b46a29ee7f0e938b5b05f9c784123a70b94f9f46aa370381

  • SHA512

    1b3b19272c1d0ae7be07b4be04fbcc58e46b9fedeb31a4292bd3e8a270a2deee22efdd9891a26e708ac5d987b6996cefdac64665a685f52cbfcd54e66eb1d443

  • SSDEEP

    12288:WcrNS33L10QdrX2mVnCGoe0cZKqMEF0JCEharfH0uceMTLlW44UdLZeZ:FNA3R5drXbVCGoRcZDMEwC9UucrjLc

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://www.stipamana.com/dftjedrshyyj/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot
  • Lokibot family
    lokibot
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3439eaffe1dfd634b46a29ee7f0e938b5b05f9c784123a70b94f9f46aa370381.exe
    "C:\Users\Admin\AppData\Local\Temp\3439eaffe1dfd634b46a29ee7f0e938b5b05f9c784123a70b94f9f46aa370381.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\sfgdf.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3848
      • C:\Users\Admin\AppData\Roaming\segzs.sfx.exe
        segzs.sfx.exe -pgeyhrntdeszopthnymkdetyuhngfszafupbodcsyRhvqxsdfHbgnmeL -dC:\Users\Admin\AppData\Roaming
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4552
        • C:\Users\Admin\AppData\Roaming\segzs.exe
          "C:\Users\Admin\AppData\Roaming\segzs.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5104
          • C:\Users\Admin\AppData\Roaming\segzs.exe
            C:\Users\Admin\AppData\Roaming\segzs.exe
            5⤵
            • Executes dropped EXE
            • Accesses Microsoft Outlook profiles
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            • outlook_office_path
            • outlook_win_path
            PID:3024
          • C:\Users\Admin\AppData\Roaming\segzs.exe
            C:\Users\Admin\AppData\Roaming\segzs.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3984
          • C:\Users\Admin\AppData\Roaming\segzs.exe
            C:\Users\Admin\AppData\Roaming\segzs.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:4132
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Roaming\mts103swift.pdf"
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:836
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1852
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F2DABF2F9771C9F79E2E1779CBC283EB --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4432
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2D6E0ABBBA48D6619C60411136957E31 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2D6E0ABBBA48D6619C60411136957E31 --renderer-client-id=2 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3384
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3F095C7917672CB9017E7233E55D736C --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1068
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0ED2A05758D7937368FBDBBDB827BAAB --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          PID:756
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D693F4AF69D6E159693028C372B50A4C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D693F4AF69D6E159693028C372B50A4C --renderer-client-id=6 --mojo-platform-channel-handle=2364 --allow-no-sandbox-job /prefetch:1
          4⤵
          • System Location Discovery: System Language Discovery
          PID:508
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EEDD69F4440B00572181E8882399985A --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          PID:5088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
    Filesize

    36KB

    MD5

    b30d3becc8731792523d599d949e63f5

    SHA1

    19350257e42d7aee17fb3bf139a9d3adb330fad4

    SHA256

    b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

    SHA512

    523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
    Filesize

    56KB

    MD5

    752a1f26b18748311b691c7d8fc20633

    SHA1

    c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

    SHA256

    111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

    SHA512

    a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
    Filesize

    64KB

    MD5

    3970de482154391d7acd9b2c5ce0622c

    SHA1

    8405549bce2618575716c528e726cb98c6200ae7

    SHA256

    e3ef2399fdee9a145f7298d1f85616f8ca54ec84f82970f80747a2b86ff490b4

    SHA512

    85b6c9606fa1c8b2346ecb387c55446b774368a0919af60c84a934129c0fc03ab9c254800ba517cc6ed2e76e61ec2782dc0847447c765ce38e37d3fb0b1c0cb9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3350944739-639801879-157714471-1000\0f5007522459c86e95ffcc62f32308f1_dd2803c7-d377-4f06-bdfe-aea230fc7b0e
    Filesize

    46B

    MD5

    d898504a722bff1524134c6ab6a5eaa5

    SHA1

    e0fdc90c2ca2a0219c99d2758e68c18875a3e11e

    SHA256

    878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9

    SHA512

    26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

    Download Submit

  • C:\Users\Admin\AppData\Roaming\mts103swift.pdf
    Filesize

    43KB

    MD5

    f10334c1dc5e4aec8fffd10387397af2

    SHA1

    a520e2e581be33181af241dab80799813bda5785

    SHA256

    307dd5cbcabfcbfd86b65b45f70fb5fc349b861593b74f36ff6416dd5aa44d1e

    SHA512

    2da918d25e6c50ac2423951b161b9c84833e1d06a978043c7a2ca88952ee625e4a0d3886135d112c846159c80e4ab59862ed95e14d8de9dd3930c6232bd6aecc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\segzs.exe
    Filesize

    319KB

    MD5

    e252eca9ccf8de2f046df3b51f6a5973

    SHA1

    0541e65f3018e3edf16832c111dc7a80c46d1b89

    SHA256

    a22ebfe0be1b8df037eac93cc45c3d65b1b12b1d3a889071e52779c4dcd9dceb

    SHA512

    1bf1785b1dee97e905c85f671c829b73eeba911763dc13bafe659ba8b02b8f812ea3cdaa66b59034d1f1d7e4e0011f0b43f9e252cd30372dbd9f1eb675360cdc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\segzs.sfx.exe
    Filesize

    555KB

    MD5

    0be398a8808083c20b84daf04d18dee0

    SHA1

    718959fa4ec118470293016ffbc6f5afde595641

    SHA256

    967f6cf0fd1e698deb0cfedf0d017bd1d0c0240f7b8cb654467264d8a17c7e31

    SHA512

    4f42c66f6ea15cdaefad1f7d8daf528301dd3eaa4e5c6148c4d5dd7e2e9bc86817968bf692218c3f82c6bf49e496f48ba7e287419cd5add3e38f2d20eeaf8b8d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\sfgdf.bat
    Filesize

    18KB

    MD5

    9c3544830a2edeb178eb4082bf7875e0

    SHA1

    000eec764808b31eb32156ec23061060ec7747a6

    SHA256

    6c69d201f7e4eddf329fedf5184c8d8976ce89cc06442f2e6a225a79c7640516

    SHA512

    3a27c3ae65e4c49af8b43e9d7f0e6a2fcd92d29026306af50005163ff33bf44cd2640c3543c61bd44f7dbfd8d6d072f133a07aed5ce8b7a3bfbc501d8e233680

    Download Submit

  • memory/3024-35-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/3024-61-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/3024-33-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/5104-26-0x0000000000940000-0x0000000000996000-memory.dmp

    Filesize

    344KB

    Download

  • memory/5104-32-0x00000000051E0000-0x00000000051E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5104-31-0x00000000053B0000-0x0000000005442000-memory.dmp

    Filesize

    584KB

    Download

  • memory/5104-30-0x0000000009D80000-0x000000000A324000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/5104-29-0x0000000009730000-0x00000000097CC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/5104-28-0x0000000002AC0000-0x0000000002B1E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/5104-27-0x0000000002BA0000-0x0000000002BA6000-memory.dmp

    Filesize

    24KB

    Download