Overview

overview

10

Static

static

8

6723d807f4...9d.exe

windows7-x64

10

6723d807f4...9d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 19:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d.exe

  • Size

    855KB

  • MD5

    44096bae1ae755f2165f19b3dbf20870

  • SHA1

    c8ab70294abdc918d69ad049db03d1ca1be7b14c

  • SHA256

    6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d

  • SHA512

    3fb769387fc3419593cc8496830523af701703cc824563a2084b5f36901a4a1b717bc00e6e5f317abc39dcb7d927381108bbf41ca27fcd9b7361cf38f62d26dc

  • SSDEEP

    1536:ehqF+u1LAn+5eHByhdNMcmTcHEnStBFwYAuPzJU3LZlYbr5A/zdHnAkUEocqgvJM:xvm4VMcmYAYjPzcfYf5Ard2EorYDk+W

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 14 IoCs
    evasion
  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • UAC bypass 3 TTPs 4 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 4 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Disables taskbar notifications via registry modification
    evasion
  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Sets file execution options in registry 2 TTPs 64 IoCs
    persistence
  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops startup file 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 15 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 47 IoCs
  • System policy modification 1 TTPs 6 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d.exe
    "C:\Users\Admin\AppData\Local\Temp\6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      2⤵
        PID:1720
      • C:\Users\Admin\AppData\Local\Temp\6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d.exe
        2⤵
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1088
        • C:\Users\Admin\E696D64614\winlogon.exe
          "C:\Users\Admin\E696D64614\winlogon.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:688
          • C:\Windows\SysWOW64\svchost.exe
            C:\Windows\system32\svchost.exe
            4⤵
              PID:580
            • C:\Users\Admin\E696D64614\winlogon.exe
              4⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:772
              • C:\Users\Admin\E696D64614\winlogon.exe
                "C:\Users\Admin\E696D64614\winlogon.exe"
                5⤵
                • Modifies firewall policy service
                • Modifies security service
                • Modifies visibility of file extensions in Explorer
                • Modifies visiblity of hidden/system files in Explorer
                • UAC bypass
                • Windows security bypass
                • Disables RegEdit via registry modification
                • Drops file in Drivers directory
                • Executes dropped EXE
                • Sets file execution options in registry
                • Drops startup file
                • Windows security modification
                • Adds Run key to start application
                • Checks whether UAC is enabled
                • Modifies Control Panel
                • Modifies Internet Explorer settings
                • Modifies Internet Explorer start page
                • Modifies registry class
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:608
      • C:\Windows\system32\wbem\unsecapp.exe
        C:\Windows\system32\wbem\unsecapp.exe -Embedding
        1⤵
          PID:1400
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1576
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1576 CREDAT:275457 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:320
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1576 CREDAT:668683 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1108

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          f2d89c85e212ef130eac6d92aa534b39

          SHA1

          1291a316628bb3582421a4af7ad700141c9f15fd

          SHA256

          4430efe85d4c1c214ec8e4d5cdf0b3b8e39195a3e037b334fdcb93915253cb1f

          SHA512

          d80608f2fb32d30cac39b853f00bea61d5aadf9eb5fb607e41820f5782986d6a5e2151c38235342a3128649938edf91c4f27e3d5c355ed961c9ad314c762b335

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          472B

          MD5

          ae7674294f5a17ef8761b33ac4dad848

          SHA1

          30a771e623dd1e3cb8694bb5f71393aaa9e87b6a

          SHA256

          cac85ed50ce25c45d5093aaaa231a0d1cd9667f47bd2312947070ba202c5d96b

          SHA512

          ab4a0adbe606ac6b1b8c87fb24fa23c7fdd23fbdcfb616f24fe1269dd4d409c45d7b64cdf65b08caa13e88b4461b29d2bded7e197120a7f65a525c2c5e905a5a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
          Filesize

          1KB

          MD5

          7055fbc792b81e2fcdb72da9d3e6ad81

          SHA1

          dec614359d5d9e76c20aadd3d467037e6a9665ff

          SHA256

          0eb7311d9c9d181942fd9c9ff0217a360ae91829d0dd6df95a8247625eccae34

          SHA512

          b1a94b289211cba78d11888c30d2e6b16fb21fc21476c69e8c9ae618f169ca02f6ddaeac72e1e8bce3a0ea9f4bfbd4e47005703963b6cdf46773d27c34e16f5d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26
          Filesize

          1KB

          MD5

          ad6d84486c3194ab2f71ef94912fdddc

          SHA1

          89aeb9ea77a27510b11762db5acef5654b62ea4b

          SHA256

          437fe72dd5a616c3db9a8e0c4823731abdd627641879ed511e9cf86994492789

          SHA512

          0e37e80588d96a6fb9fe34c0d34d688bb64f3540185fa9e2cb1ed0504229003f3bc31be717a390d3acc668bbfb7a1645cc52bb9e4235afc85a23653ead8ad09a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          db0bd4ca3b3fc4a2d58c63e48c555318

          SHA1

          dbba31e7d8db19359877109b9fcfe0a0fd0550a7

          SHA256

          a4b7d1c37d70782eb5589b29056554f0175e39d129f21ab3fe93a6db323e3cd2

          SHA512

          deba1b892257901cc2a528f8c1099858c3c550672fce859dabcaf6a645eaf57228e01be94da7ddfef8e71369243a41d55d76ba8a09aaf514af1b6ab1572b77f3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          402B

          MD5

          f927d4f09198156dcf9fa950229a566b

          SHA1

          7dfe2013a968c91eb5f94e1cf89607c929998e92

          SHA256

          7483743ce6f3e06c1794a0e78e23a686d2fdc9ecf46227374555fb4ae19a988d

          SHA512

          47835d1f79eb67ea4f512808e542fc0fb508014c61f1e6d92f522f76c3aabab0925235e1f72613c48646908811f896e6a1e0c6678126d72f62661ba2d13214a3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
          Filesize

          466B

          MD5

          8bff803dd432f670c00898509b506240

          SHA1

          30e017f4a69dab49793731c6fd726f17d4109af4

          SHA256

          18e24d25b0c2154a9b4ca8fa6d7142f9a9bb72245a3487fbfd68228c10193d8f

          SHA512

          5bc5867896b8c5bf83dcaac33d50b82249aec655210e6cd10bae6c89b10fc3108ad28e7b833ea3908de83474ebbb509a42000b1c5c00cbae0cc218279f614a65

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ac19d023d0e0f5a2ba9fe3793a1c69ed

          SHA1

          5ebe13a730235667af6d294f778b19fec55f38d7

          SHA256

          0f24addecfa7e1738657740f02af47a3ee6806a9faa4ed0befe2600accc65227

          SHA512

          98c3522da9bdeb2b0d0935da7ec9716c2e58e3bb73b32d5c7b2b6e5b8a83384c898ad633ba61b98bc17cc6c6fa474575b82dc7327028d24fb9f15b8e3e0025e6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a18aeb75bc8bb02c3a96cea67c957279

          SHA1

          64f270f2f3adea04f2b89796d9e05164d9593055

          SHA256

          fa2465e1a2520ff9653814c107fad466b15b6c63eed0930757401033aa7dd499

          SHA512

          a7eefb2d7f4faa0899075aacdee2fb57ef3b5a2e5dd40a02249b1834cd93e6f053984a1a4f19133e869a5b48a7eb778cd5df0cf9485672bd36e77c126220f89d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f62b8ef0447a1233583079cd6a6fe9cd

          SHA1

          04b570f5856f4480cfd3036839e1d523191bc9b2

          SHA256

          1ac5b749c0ccd05d10be7f52d5a77fd904bc8addb13b4051bf6d51ccc64a9404

          SHA512

          4a196686d2aeac20dec5a8ce9dd326162d442e3b0362e94ce2959f8df244ae1d7334128353c3596be9b670f6d72983ed6b3cf424fbd57509b92dedf99712d88a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d3d9ce9cb36f5853803edd5b45b88973

          SHA1

          699dbec5cc488e3428908f1640a54d460ec1bb31

          SHA256

          9dde143adbdcb38d800adf2e5cdde1311e17095b8cc48e24e940c1b9b4713ce9

          SHA512

          5776ec51f0c4353dafb6e2de425c6e326ce0e0721e50b476aff5d2d3fb1f71bbb0ae967dad389b949966f6587d10c49f6e16349d5f648f32d476b7cbf63eaf8c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b02c5557f0670f411dec290db3899800

          SHA1

          fbda0e5b73c9581ee3cafe845177ad7c306a4a9c

          SHA256

          c18415c5540408ffa29b677afe20f8293546067a861713a861f76819e93e17a6

          SHA512

          d042223950500842265d00015c9f4b12d81b16a0a7a698875b3fc8f82b7802d27739bfccf746f867e28a1e30b5b54cee21a1e22567b1326143737276322ebafe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26
          Filesize

          470B

          MD5

          89903b8752ecfc1687ea432fb10fd6cd

          SHA1

          af88e218594d46b5cbe8b6eda5f6d9843fc78d09

          SHA256

          2a0b3f572c10702f37fa766b460f301cbf60865c138c8a60f1803125d0c72af0

          SHA512

          2710071dc03d3c9111ea0931b8a2bbda27afafd08dfb9a7c226f7172bbb9e75d276fa07b260116837e77aaf51970bf47210a4dd5efeb34831c70ce49facbb95c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          7a7a3f463b0e0395b01db0fab4f8b2dc

          SHA1

          833d0d0d31e42f9ab7f2f79bc4a6b96999e579ce

          SHA256

          367969352cec02286f502f27df6379a746168661260bf87970805c9afba86370

          SHA512

          9f1d942487dfa70c1ca7376e8313284528ac4124854f155625b67c2de1fc2a9180ecb41a7dbb3e0be335fc1704f8605f82e7857524b4b6dc9b4f571665f30ee9

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EVNK484E\www6.buscaid[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          855KB

          MD5

          44096bae1ae755f2165f19b3dbf20870

          SHA1

          c8ab70294abdc918d69ad049db03d1ca1be7b14c

          SHA256

          6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d

          SHA512

          3fb769387fc3419593cc8496830523af701703cc824563a2084b5f36901a4a1b717bc00e6e5f317abc39dcb7d927381108bbf41ca27fcd9b7361cf38f62d26dc

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          855KB

          MD5

          44096bae1ae755f2165f19b3dbf20870

          SHA1

          c8ab70294abdc918d69ad049db03d1ca1be7b14c

          SHA256

          6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d

          SHA512

          3fb769387fc3419593cc8496830523af701703cc824563a2084b5f36901a4a1b717bc00e6e5f317abc39dcb7d927381108bbf41ca27fcd9b7361cf38f62d26dc

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          855KB

          MD5

          44096bae1ae755f2165f19b3dbf20870

          SHA1

          c8ab70294abdc918d69ad049db03d1ca1be7b14c

          SHA256

          6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d

          SHA512

          3fb769387fc3419593cc8496830523af701703cc824563a2084b5f36901a4a1b717bc00e6e5f317abc39dcb7d927381108bbf41ca27fcd9b7361cf38f62d26dc

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          855KB

          MD5

          44096bae1ae755f2165f19b3dbf20870

          SHA1

          c8ab70294abdc918d69ad049db03d1ca1be7b14c

          SHA256

          6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d

          SHA512

          3fb769387fc3419593cc8496830523af701703cc824563a2084b5f36901a4a1b717bc00e6e5f317abc39dcb7d927381108bbf41ca27fcd9b7361cf38f62d26dc

          Download Submit

        • \Users\Admin\E696D64614\winlogon.exe
          Filesize

          855KB

          MD5

          44096bae1ae755f2165f19b3dbf20870

          SHA1

          c8ab70294abdc918d69ad049db03d1ca1be7b14c

          SHA256

          6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d

          SHA512

          3fb769387fc3419593cc8496830523af701703cc824563a2084b5f36901a4a1b717bc00e6e5f317abc39dcb7d927381108bbf41ca27fcd9b7361cf38f62d26dc

          Download Submit

        • \Users\Admin\E696D64614\winlogon.exe
          Filesize

          855KB

          MD5

          44096bae1ae755f2165f19b3dbf20870

          SHA1

          c8ab70294abdc918d69ad049db03d1ca1be7b14c

          SHA256

          6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d

          SHA512

          3fb769387fc3419593cc8496830523af701703cc824563a2084b5f36901a4a1b717bc00e6e5f317abc39dcb7d927381108bbf41ca27fcd9b7361cf38f62d26dc

          Download Submit

        • memory/580-69-0x0000000000000000-mapping.dmp

          Download

        • memory/608-82-0x0000000000441670-mapping.dmp

          Download

        • memory/608-89-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/608-93-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/608-111-0x0000000003F10000-0x0000000004F72000-memory.dmp

          Filesize

          16.4MB

          Download

        • memory/608-81-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/608-86-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/688-76-0x00000000010F0000-0x000000000112B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/688-66-0x0000000000000000-mapping.dmp

          Download

        • memory/772-88-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/772-87-0x00000000010F0000-0x000000000112B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/772-72-0x000000000041AA60-mapping.dmp

          Download

        • memory/772-94-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/1088-70-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/1088-73-0x0000000001300000-0x000000000133B000-memory.dmp

          Filesize

          236KB

          Download

        • memory/1088-63-0x0000000076221000-0x0000000076223000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1088-60-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/1088-59-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/1088-55-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/1088-56-0x000000000041AA60-mapping.dmp

          Download

        • memory/1720-54-0x0000000000000000-mapping.dmp

          Download

        • memory/1728-58-0x0000000001300000-0x000000000133B000-memory.dmp

          Filesize

          236KB

          Download