imminent | 781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c

Analysis

max time kernel
151s
max time network
61s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
Size

356KB
MD5

aff421ee4730c73fa014586e1b088e22
SHA1

340573f8366da182bc7a6e09a5cdeb2da58a0743
SHA256

781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c
SHA512

4123a080e21a7c9b9d83a045cd77d036abdcb3fc72500ba518f4b7251d8c4735612bbcc16704fad2fcffab4ce9d5f0b07fe54c298cce1e6230d41c0f95137d26
SSDEEP

6144:oORFNs1jtVCrlAbzbrHgnY+ae5wGZPEdjbIyI9R2nr+cRHLDU9gAQZ:FRXs1bwlIvK9aeaGZPijbYR2rvTAu

Score

10^/10

imminent persistence spyware trojan

Malware Config

Signatures

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Executes dropped EXE 4 IoCs

pid	Process
756	AeLookupSvi.exe
528	ProfSvc.exe
1856	AeLookupSvi.exe
1040	ProfSvc.exe

Loads dropped DLL 2 IoCs

pid	Process
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\Application Experience = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\AeLookupSvi.exe"	AeLookupSvi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\Application Experience = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\AeLookupSvi.exe"	AeLookupSvi.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1904 set thread context of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 528 set thread context of 1040	528	ProfSvc.exe	32

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
756	AeLookupSvi.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
528	ProfSvc.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1332	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
Token: SeDebugPrivilege	1332	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
Token: SeDebugPrivilege	756	AeLookupSvi.exe
Token: SeDebugPrivilege	528	ProfSvc.exe
Token: SeDebugPrivilege	1040	ProfSvc.exe
Token: SeDebugPrivilege	1856	AeLookupSvi.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1332	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
1040	ProfSvc.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 1332	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	28
PID 1904 wrote to memory of 756	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	29
PID 1904 wrote to memory of 756	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	29
PID 1904 wrote to memory of 756	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	29
PID 1904 wrote to memory of 756	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	29
PID 756 wrote to memory of 528	756	AeLookupSvi.exe	30
PID 756 wrote to memory of 528	756	AeLookupSvi.exe	30
PID 756 wrote to memory of 528	756	AeLookupSvi.exe	30
PID 756 wrote to memory of 528	756	AeLookupSvi.exe	30
PID 1904 wrote to memory of 1856	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	31
PID 1904 wrote to memory of 1856	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	31
PID 1904 wrote to memory of 1856	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	31
PID 1904 wrote to memory of 1856	1904	781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe	31
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32
PID 528 wrote to memory of 1040	528	ProfSvc.exe	32

C:\Users\Admin\AppData\Local\Temp\781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
"C:\Users\Admin\AppData\Local\Temp\781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Users\Admin\AppData\Local\Temp\781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe
  "C:\Users\Admin\AppData\Local\Temp\781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1332
- C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:756
- - C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:528
  - - C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1040
- C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  PID:1856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Imminent\Logs\28-11-2022

Filesize
35B

MD5
93cf39c0efd73d98b1e352cf2372b9b6

SHA1
b1992858d45db9a62c1190d1d76d1ac1216ac92b

SHA256
00f68fa0ec6bd0a1c2f3c1593df124e944291a0161b70de9810206816a2e5ef3

SHA512
7b12bc080acbecfd1fea8d102be94a421b63f0e315c1ab9a3c5a2deb0aeb700f47a7d33349a818ea580ce9741e00221d2cfa4a8e154f590492cc1f8d225aa840

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe

Filesize
10KB

MD5
735c4d78663190b26c3bd7d55fe6d055

SHA1
41b86ac84eddf2ca11ec6e4822f78f38f61c809a

SHA256
227d6056cf5b8238ccf2cc73399b1e137fecface0c9f9d1a06b87270645d1a1c

SHA512
fecd523dd8725fb52fdfcdc29231b7d7de22cd424ab0469fcc267dbf63239addce9706771859863642f1ab63d245ca9a7062e6205f419c2e5e750909cf6cfb67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe

Filesize
10KB

MD5
735c4d78663190b26c3bd7d55fe6d055

SHA1
41b86ac84eddf2ca11ec6e4822f78f38f61c809a

SHA256
227d6056cf5b8238ccf2cc73399b1e137fecface0c9f9d1a06b87270645d1a1c

SHA512
fecd523dd8725fb52fdfcdc29231b7d7de22cd424ab0469fcc267dbf63239addce9706771859863642f1ab63d245ca9a7062e6205f419c2e5e750909cf6cfb67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe

Filesize
10KB

MD5
735c4d78663190b26c3bd7d55fe6d055

SHA1
41b86ac84eddf2ca11ec6e4822f78f38f61c809a

SHA256
227d6056cf5b8238ccf2cc73399b1e137fecface0c9f9d1a06b87270645d1a1c

SHA512
fecd523dd8725fb52fdfcdc29231b7d7de22cd424ab0469fcc267dbf63239addce9706771859863642f1ab63d245ca9a7062e6205f419c2e5e750909cf6cfb67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe

Filesize
356KB

MD5
aff421ee4730c73fa014586e1b088e22

SHA1
340573f8366da182bc7a6e09a5cdeb2da58a0743

SHA256
781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c

SHA512
4123a080e21a7c9b9d83a045cd77d036abdcb3fc72500ba518f4b7251d8c4735612bbcc16704fad2fcffab4ce9d5f0b07fe54c298cce1e6230d41c0f95137d26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe

Filesize
356KB

MD5
aff421ee4730c73fa014586e1b088e22

SHA1
340573f8366da182bc7a6e09a5cdeb2da58a0743

SHA256
781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c

SHA512
4123a080e21a7c9b9d83a045cd77d036abdcb3fc72500ba518f4b7251d8c4735612bbcc16704fad2fcffab4ce9d5f0b07fe54c298cce1e6230d41c0f95137d26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe

Filesize
356KB

MD5
aff421ee4730c73fa014586e1b088e22

SHA1
340573f8366da182bc7a6e09a5cdeb2da58a0743

SHA256
781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c

SHA512
4123a080e21a7c9b9d83a045cd77d036abdcb3fc72500ba518f4b7251d8c4735612bbcc16704fad2fcffab4ce9d5f0b07fe54c298cce1e6230d41c0f95137d26

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe

Filesize
10KB

MD5
735c4d78663190b26c3bd7d55fe6d055

SHA1
41b86ac84eddf2ca11ec6e4822f78f38f61c809a

SHA256
227d6056cf5b8238ccf2cc73399b1e137fecface0c9f9d1a06b87270645d1a1c

SHA512
fecd523dd8725fb52fdfcdc29231b7d7de22cd424ab0469fcc267dbf63239addce9706771859863642f1ab63d245ca9a7062e6205f419c2e5e750909cf6cfb67

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe

Filesize
356KB

MD5
aff421ee4730c73fa014586e1b088e22

SHA1
340573f8366da182bc7a6e09a5cdeb2da58a0743

SHA256
781adf5fb30e943d52753775c8d54f525eca11c32df3440c439ddc8cd0cce73c

SHA512
4123a080e21a7c9b9d83a045cd77d036abdcb3fc72500ba518f4b7251d8c4735612bbcc16704fad2fcffab4ce9d5f0b07fe54c298cce1e6230d41c0f95137d26

Download Submit
memory/528-84-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/528-82-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/756-75-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/756-83-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/756-85-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/1040-106-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/1040-103-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/1332-57-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1332-81-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/1332-61-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1332-62-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1332-60-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1332-69-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/1332-58-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1332-67-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1332-65-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1856-89-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/1856-105-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/1904-56-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download
memory/1904-54-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/1904-55-0x0000000074460000-0x0000000074A0B000-memory.dmp

Filesize
5.7MB

Download