547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848

Analysis

max time kernel
174s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe
Size

460KB
MD5

42ea65ffc61947188cdb79cd9c0daf69
SHA1

6de811d563fb014b847319e525f0abb2b33e1691
SHA256

547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848
SHA512

f92e902eff76b4b2f46d278f8b0a1eb41d9beec6fcb010b8a1bf2c1269de9e0fcb8ae9d027a18e457eeca47079469022b842207934a952bde0fadfa83408e1c1
SSDEEP

12288:+sAw9HD4XRhlitra71HPVzRZvZlk7Mb3c/M7aYz3SaQOEXsasmgQBoVR/uZ:DuvlitqptRbB

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4152	FiQUhUMLyPFJgTY.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
90	icanhazip.com

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\f5e83w4ef.dat	Process not Found
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\f5e83w4ef.dat	Process not Found
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\2637USX3.txt	Process not Found

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\FiQUhUMLyPFJgTY.exe	547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	Process not Found

Modifies registry class 26 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\CortanaUI	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133141553380429478"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133141554851870195"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\HAM\AUI\App\V1	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\HAM\AUI\App\V1\LU	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\CortanaUI\V1\LU\PCT = "133126516522531141"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PTT = "133141555210464139"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133141554516713498"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133141554813588362"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133126516515655299"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\CortanaUI\V1	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\CortanaUI\V1\LU\ICT = "133126516524406599"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PTT = "133141555233276027"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PTT = "133141554229057332"	Process not Found
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133141555211244377"	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\HAM\AUI	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\HAM\AUI\App	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\CortanaUI\V1\LU	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1168	547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe
1168	547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe
4152	FiQUhUMLyPFJgTY.exe
4152	FiQUhUMLyPFJgTY.exe
4152	FiQUhUMLyPFJgTY.exe
4152	FiQUhUMLyPFJgTY.exe
4152	FiQUhUMLyPFJgTY.exe
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found
784	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4152	FiQUhUMLyPFJgTY.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1168	547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe
Token: SeDebugPrivilege	4152	FiQUhUMLyPFJgTY.exe
Token: SeDebugPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found
Token: SeTcbPrivilege	784	Process not Found

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 4152	1168	547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe	82
PID 1168 wrote to memory of 4152	1168	547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe	82
PID 1168 wrote to memory of 4152	1168	547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe	82
PID 784 wrote to memory of 1056	784	Process not Found	84
PID 784 wrote to memory of 1056	784	Process not Found	84
PID 784 wrote to memory of 2632	784	Process not Found	85
PID 784 wrote to memory of 2632	784	Process not Found	85
PID 784 wrote to memory of 2632	784	Process not Found	85
PID 784 wrote to memory of 1288	784	Process not Found	86
PID 784 wrote to memory of 1288	784	Process not Found	86
PID 784 wrote to memory of 4116	784	Process not Found	87
PID 784 wrote to memory of 4116	784	Process not Found	87
PID 784 wrote to memory of 4116	784	Process not Found	87
PID 784 wrote to memory of 4832	784	Process not Found	88
PID 784 wrote to memory of 4832	784	Process not Found	88
PID 784 wrote to memory of 4832	784	Process not Found	88
PID 784 wrote to memory of 3872	784	Process not Found	89
PID 784 wrote to memory of 3872	784	Process not Found	89
PID 784 wrote to memory of 3872	784	Process not Found	89
PID 784 wrote to memory of 3448	784	Process not Found	90
PID 784 wrote to memory of 3448	784	Process not Found	90
PID 784 wrote to memory of 3448	784	Process not Found	90
PID 784 wrote to memory of 852	784	Process not Found	91
PID 784 wrote to memory of 852	784	Process not Found	91
PID 784 wrote to memory of 852	784	Process not Found	91
PID 784 wrote to memory of 1652	784	Process not Found	94
PID 784 wrote to memory of 1652	784	Process not Found	94
PID 784 wrote to memory of 1652	784	Process not Found	94
PID 784 wrote to memory of 2208	784	Process not Found	98
PID 784 wrote to memory of 2208	784	Process not Found	98

C:\Users\Admin\AppData\Local\Temp\547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe
"C:\Users\Admin\AppData\Local\Temp\547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\FiQUhUMLyPFJgTY.exe
  C:\Users\Admin\AppData\Local\Temp\547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  PID:4152

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:1056

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:2632

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:1288

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:4116

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:4832

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:3872

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:3448

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:852

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:1652

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\FiQUhUMLyPFJgTY.exe

Filesize
460KB

MD5
42ea65ffc61947188cdb79cd9c0daf69

SHA1
6de811d563fb014b847319e525f0abb2b33e1691

SHA256
547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848

SHA512
f92e902eff76b4b2f46d278f8b0a1eb41d9beec6fcb010b8a1bf2c1269de9e0fcb8ae9d027a18e457eeca47079469022b842207934a952bde0fadfa83408e1c1

Download Submit
C:\Windows\FiQUhUMLyPFJgTY.exe

Filesize
460KB

MD5
42ea65ffc61947188cdb79cd9c0daf69

SHA1
6de811d563fb014b847319e525f0abb2b33e1691

SHA256
547fe86a840917a2fde70774e1fa8a2610581b42206474303231ded2f4179848

SHA512
f92e902eff76b4b2f46d278f8b0a1eb41d9beec6fcb010b8a1bf2c1269de9e0fcb8ae9d027a18e457eeca47079469022b842207934a952bde0fadfa83408e1c1

Download Submit
memory/784-144-0x0000024403A40000-0x0000024403A7A000-memory.dmp

Filesize
232KB

Download
memory/784-143-0x0000024403A00000-0x0000024403A34000-memory.dmp

Filesize
208KB

Download
memory/1168-132-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1168-133-0x0000000000401000-0x0000000000404000-memory.dmp

Filesize
12KB

Download
memory/1168-138-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4152-146-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4152-145-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/4152-142-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download