c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642

Analysis

max time kernel
138s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2023, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe
Size

12.2MB
MD5

b4b84decc017efa8cb3e191d864d6f1e
SHA1

c4d01a4d31cadaf8829922fd4e342440fddbeb94
SHA256

c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642
SHA512

4ab9980bc3ac54795ddc55be6c1e91013f96597ba05c4b113e3a9c73ecb2e5a8c248cdbf99033d09fb84c4d7526079a9734337d0d210d312c235cf23941e5a7b
SSDEEP

196608:2+MdpYwfY8+X1333jAYHcKHZOVlBfXSunq5b9Yq3/mfLRlpLfFLOyomFHKnP:Hw6cK1nzDHcK56Lhq5/3kdX7F

Score

8^/10

persistence pyinstaller

Malware Config

Signatures

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SET886E.tmp	AccPtFltInst.exe
File created	C:\Windows\system32\DRIVERS\SET886E.tmp	AccPtFltInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\AccPtFlt.sys	AccPtFltInst.exe

Executes dropped EXE 3 IoCs

pid	Process
2052	AccPtFltInst.exe
4600	setup.exe
4936	setup.exe

Loads dropped DLL 9 IoCs

pid	Process
524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe
4600	setup.exe
4936	setup.exe
4936	setup.exe
4936	setup.exe
4936	setup.exe
4936	setup.exe
4936	setup.exe
4936	setup.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	AccPtFltInst.exe

Detects Pyinstaller 3 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x000300000000073d-172.dat	pyinstaller
behavioral2/files/0x000300000000073d-173.dat	pyinstaller
behavioral2/files/0x000300000000073d-199.dat	pyinstaller

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2052	AccPtFltInst.exe
2052	AccPtFltInst.exe
4600	setup.exe
4600	setup.exe
4936	setup.exe
4936	setup.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
668	Process not Found

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 524 wrote to memory of 1736	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	84
PID 524 wrote to memory of 1736	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	84
PID 1736 wrote to memory of 2172	1736	net.exe	86
PID 1736 wrote to memory of 2172	1736	net.exe	86
PID 524 wrote to memory of 2052	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	87
PID 524 wrote to memory of 2052	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	87
PID 2052 wrote to memory of 3800	2052	AccPtFltInst.exe	88
PID 2052 wrote to memory of 3800	2052	AccPtFltInst.exe	88
PID 3800 wrote to memory of 1132	3800	runonce.exe	89
PID 3800 wrote to memory of 1132	3800	runonce.exe	89
PID 524 wrote to memory of 1084	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	91
PID 524 wrote to memory of 1084	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	91
PID 1084 wrote to memory of 1400	1084	net.exe	93
PID 1084 wrote to memory of 1400	1084	net.exe	93
PID 524 wrote to memory of 4600	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	94
PID 524 wrote to memory of 4600	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	94
PID 524 wrote to memory of 4600	524	c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe	94
PID 4600 wrote to memory of 4936	4600	setup.exe	95
PID 4600 wrote to memory of 4936	4600	setup.exe	95
PID 4600 wrote to memory of 4936	4600	setup.exe	95

C:\Users\Admin\AppData\Local\Temp\c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe
"C:\Users\Admin\AppData\Local\Temp\c040dc2a52208b4ceb487a5d9ef469a4966f4787ba4d27d01c6074c48f017642.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:524
- C:\Windows\SYSTEM32\net.exe
  net start AccPtFlt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 start AccPtFlt
    3⤵
    PID:2172
- C:\Users\Admin\AppData\Local\Temp\AccPtFltInst.exe
  ./AccPtFltInst.exe fff123
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Windows\system32\runonce.exe
    "C:\Windows\system32\runonce.exe" -r
    3⤵
    - Checks processor information in registry
    - Suspicious use of WriteProcessMemory
    PID:3800
  - - C:\Windows\System32\grpconv.exe
      "C:\Windows\System32\grpconv.exe" -o
      4⤵
      PID:1132
- C:\Windows\SYSTEM32\net.exe
  net start AccPtFlt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1084
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 start AccPtFlt
    3⤵
    PID:1400
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  C:\Users\Admin\AppData\Local\Temp\setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4600
- - C:\Users\Admin\AppData\Local\Temp\setup.exe
    C:\Users\Admin\AppData\Local\Temp\setup.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7z.dll

Filesize
1.4MB

MD5
ad10eb4e59b416e5364a44ee7e0ab9c9

SHA1
554b0e0c944deecd4cf23f7ffd82fcf52e4b3655

SHA256
57d80707ef2454be0f6f4f90986e64e740e990ead23c8657fac2073ba0bd4147

SHA512
e1d285037c4abba6d0388f3a7cf012ff7c74d1e71c4a23b272f71835705db25cc792fdb0e89027922a98fba8ff52f06f012cbc203f3c41c9845278d43f9e9789

Download Submit
C:\Users\Admin\AppData\Local\Temp\AccPtFlt.sys

Filesize
27KB

MD5
814704a0b9ab78d030b188534da5be8c

SHA1
8b35cba42985b6ebd745aabba75ac112cb1053d0

SHA256
7e4b5b0d5a87a4afd54fb2269d879747e960847f10a7977376033d0169f579b3

SHA512
c8d4632afe5da5d9ad3f412c6f619fd2e6df242019f4ea50a307cae10a974de52e4264a1018652f0612d8a4d8b4bd3a3945207430ca22b597d30a88edde57315

Download Submit
C:\Users\Admin\AppData\Local\Temp\AccPtFltInst.exe

Filesize
635KB

MD5
ed47570790b6435a5ed2af41e0680b08

SHA1
4775f57f60a2f0821d3b3c1975cc928751de877b

SHA256
6b8f8a3d70eb5005a92dc228e48f4b4f02e605b143996f3963e88b64336aa156

SHA512
43954e2600f704478cc613c94c152570c0dad58de4340d3faa7c0b92627aaa732c151a87018fbedaf0b2b9f6a42b709e61b64a5de63ff8ef8d32a50ae8c065ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\AccPtFltInst.exe

Filesize
635KB

MD5
ed47570790b6435a5ed2af41e0680b08

SHA1
4775f57f60a2f0821d3b3c1975cc928751de877b

SHA256
6b8f8a3d70eb5005a92dc228e48f4b4f02e605b143996f3963e88b64336aa156

SHA512
43954e2600f704478cc613c94c152570c0dad58de4340d3faa7c0b92627aaa732c151a87018fbedaf0b2b9f6a42b709e61b64a5de63ff8ef8d32a50ae8c065ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\VCRUNTIME140.dll

Filesize
74KB

MD5
31ce620cb32ac950d31e019e67efc638

SHA1
eaf02a203bc11d593a1adb74c246f7a613e8ef09

SHA256
1e0f8f7f13502f5cee17232e9bebca7b44dd6ec29f1842bb61033044c65b2bbf

SHA512
603e8dceda4cb5b3317020e71f1951d01ace045468eaf118b422f4f44b8b6b2794f5002ea2e3fe9107c222e4cb55b932ed0d897a1871976d75f8ee10d5d12374

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\VCRUNTIME140.dll

Filesize
74KB

MD5
31ce620cb32ac950d31e019e67efc638

SHA1
eaf02a203bc11d593a1adb74c246f7a613e8ef09

SHA256
1e0f8f7f13502f5cee17232e9bebca7b44dd6ec29f1842bb61033044c65b2bbf

SHA512
603e8dceda4cb5b3317020e71f1951d01ace045468eaf118b422f4f44b8b6b2794f5002ea2e3fe9107c222e4cb55b932ed0d897a1871976d75f8ee10d5d12374

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_bz2.pyd

Filesize
66KB

MD5
216f736db1b110548da2f8f21c381412

SHA1
da3781dfe8f6b3bdacc92f82c330cc26248b6b5d

SHA256
ce4f48bdc1f6144b4bcb288896392867176a2b5f10efbfbc2d5454e14cde61ce

SHA512
3bea7426995833f37996468ca3d122c4c182cfcde6f6469d51c211624baa169daacd20101abb1ce8ba50b46fd9f25d1bf1f5e913ebfbea600a5d7ad557f33544

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_bz2.pyd

Filesize
66KB

MD5
216f736db1b110548da2f8f21c381412

SHA1
da3781dfe8f6b3bdacc92f82c330cc26248b6b5d

SHA256
ce4f48bdc1f6144b4bcb288896392867176a2b5f10efbfbc2d5454e14cde61ce

SHA512
3bea7426995833f37996468ca3d122c4c182cfcde6f6469d51c211624baa169daacd20101abb1ce8ba50b46fd9f25d1bf1f5e913ebfbea600a5d7ad557f33544

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_ctypes.pyd

Filesize
100KB

MD5
30e16eeedd78a40498b600312d18161f

SHA1
c00f657b13e0b0ab5739abf2ee7b627238cd8055

SHA256
92ccf5b99a1f4553001e57fd58bbf8d843b6d6907057e31d236f913f0c51ab82

SHA512
76e213afcec7c06d7fe53b674b983773da8e1d32690bf8ba4ad0aa585e7517f36e7a287d9abb108a438c8937fd0c909ed6ce69658556563648cd581f12536707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_ctypes.pyd

Filesize
100KB

MD5
30e16eeedd78a40498b600312d18161f

SHA1
c00f657b13e0b0ab5739abf2ee7b627238cd8055

SHA256
92ccf5b99a1f4553001e57fd58bbf8d843b6d6907057e31d236f913f0c51ab82

SHA512
76e213afcec7c06d7fe53b674b983773da8e1d32690bf8ba4ad0aa585e7517f36e7a287d9abb108a438c8937fd0c909ed6ce69658556563648cd581f12536707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_lzma.pyd

Filesize
139KB

MD5
4a42b4f058c2e58eb3ab47e0166259cc

SHA1
4a55098dbffd59c651b862c2e610961b20f3b9da

SHA256
adddfd498ed73729af21bc139c421411aa40fa9000da1054c1ed73be6b2c8f56

SHA512
dd68e0a20a58c127a91406e7dfbb20f473635974fec15de0e678101241272c70ea7335e3e0cf990bef200d29f73adc519701989992ab55b53894c6d3133df52e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_lzma.pyd

Filesize
139KB

MD5
4a42b4f058c2e58eb3ab47e0166259cc

SHA1
4a55098dbffd59c651b862c2e610961b20f3b9da

SHA256
adddfd498ed73729af21bc139c421411aa40fa9000da1054c1ed73be6b2c8f56

SHA512
dd68e0a20a58c127a91406e7dfbb20f473635974fec15de0e678101241272c70ea7335e3e0cf990bef200d29f73adc519701989992ab55b53894c6d3133df52e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\base_library.zip

Filesize
1.0MB

MD5
2262c9bdbba8033e4850c5997ebc546e

SHA1
1bfb0dafb4248508e945332c7959fbca8f94f4c5

SHA256
26b7ef25f6ae552ea484972b687b51e5d97cebcc0a2e87a58ea349b6a4c94c06

SHA512
3be4496baa43c9765ac253b959cf144b60aa18c61f0e27f47fa736897aac76a89348c6397134b626a7c7c1e7c75a53cb45e01892b04705f8e77d98b767ee22d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\bin\data

Filesize
54KB

MD5
c1c0ebf166a7b4fbcb6c749f98d3b9fc

SHA1
d1899a0b469defa316b49b6cb209f8cf01fc78f6

SHA256
a762bc48ed7a55d55640fea6752488bf221a46d2beec39258c47f2d5d05b3ac2

SHA512
2b3a5bc6b820db134231e0121ac81a44410d00401d7e858f05d289ccd38335e006e24b6f94902189b939bf8e7d97864737cb692468045a1d4728c59e6ad7ecd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\python310.dll

Filesize
3.9MB

MD5
87bb8d7f9f22e11d2a3c196ee9bf36a5

SHA1
45dfcb22987f5a20a9b32410336c0d097ca91b35

SHA256
1269f15b1c8daa25af81e6ad22f9bcebfd2c76aec81c18c6d800460b7105bf98

SHA512
75bb2ae36b693e2a1e5ba003503d07ba975f9436fb3da9bf3fc4087a281cb172fa9bd13ad6fc27a62f796af6cbe0c800e2a169c65949a96bd4d0e150f4858288

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\python310.dll

Filesize
3.9MB

MD5
87bb8d7f9f22e11d2a3c196ee9bf36a5

SHA1
45dfcb22987f5a20a9b32410336c0d097ca91b35

SHA256
1269f15b1c8daa25af81e6ad22f9bcebfd2c76aec81c18c6d800460b7105bf98

SHA512
75bb2ae36b693e2a1e5ba003503d07ba975f9436fb3da9bf3fc4087a281cb172fa9bd13ad6fc27a62f796af6cbe0c800e2a169c65949a96bd4d0e150f4858288

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb96B8.tmp

Filesize
1KB

MD5
2c06818cb38d62e254f8fab1069e5bae

SHA1
15e1ddb1555ae0dfa4626c310f6811bc8536e1fa

SHA256
d80117b4bbdc8b91088d246d777ada78c52983a42de62cb2130e2f5128d0bdab

SHA512
7d5611320c31c694aee80005890e69466617394a34fdb425fa315b4e1b3b287af1186e4d2b6050f34a88bb80e67f0a278bc89b2603c86dcec756bfc5f858e7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb988C.tmp

Filesize
1KB

MD5
2c06818cb38d62e254f8fab1069e5bae

SHA1
15e1ddb1555ae0dfa4626c310f6811bc8536e1fa

SHA256
d80117b4bbdc8b91088d246d777ada78c52983a42de62cb2130e2f5128d0bdab

SHA512
7d5611320c31c694aee80005890e69466617394a34fdb425fa315b4e1b3b287af1186e4d2b6050f34a88bb80e67f0a278bc89b2603c86dcec756bfc5f858e7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.dll

Filesize
6.1MB

MD5
edcf13d3fcf440332ba7d0a5dc956546

SHA1
218b66e36c233e9adde31b1c68d35a08b8fbd0ca

SHA256
07900f5fe6a1f75b8d0a5c499539f800fbbacc7b882bf3f592a7e99e122a7f91

SHA512
e9c65a890c42014fcad4b428d28096d479fa3e057bdc4a22e75284bc316711cbe9fd032e04e59b6a6b422a0ca24cbb6d3567c7404c44bf6dfc3980078b61ccb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
7.2MB

MD5
42ccb2adb5c296a5eda3f3d505dc4044

SHA1
2c68b70e26c1d3b0e24e9bee13b5f9ab31d8a813

SHA256
93533eb77671810b187a73a69a888551b2a09925ea064505ea286d8034c4cbe6

SHA512
550564e8721f29066c13af462cf176b70b310ea2c22d47c65475156a83bb567ace2e0547158efba7138864c41d8d253dfef29bef26d908f44b93becbb83c7d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
7.2MB

MD5
42ccb2adb5c296a5eda3f3d505dc4044

SHA1
2c68b70e26c1d3b0e24e9bee13b5f9ab31d8a813

SHA256
93533eb77671810b187a73a69a888551b2a09925ea064505ea286d8034c4cbe6

SHA512
550564e8721f29066c13af462cf176b70b310ea2c22d47c65475156a83bb567ace2e0547158efba7138864c41d8d253dfef29bef26d908f44b93becbb83c7d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
7.2MB

MD5
42ccb2adb5c296a5eda3f3d505dc4044

SHA1
2c68b70e26c1d3b0e24e9bee13b5f9ab31d8a813

SHA256
93533eb77671810b187a73a69a888551b2a09925ea064505ea286d8034c4cbe6

SHA512
550564e8721f29066c13af462cf176b70b310ea2c22d47c65475156a83bb567ace2e0547158efba7138864c41d8d253dfef29bef26d908f44b93becbb83c7d1c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\evb96B8.tmp

Filesize
1KB

MD5
2c06818cb38d62e254f8fab1069e5bae

SHA1
15e1ddb1555ae0dfa4626c310f6811bc8536e1fa

SHA256
d80117b4bbdc8b91088d246d777ada78c52983a42de62cb2130e2f5128d0bdab

SHA512
7d5611320c31c694aee80005890e69466617394a34fdb425fa315b4e1b3b287af1186e4d2b6050f34a88bb80e67f0a278bc89b2603c86dcec756bfc5f858e7d3

Download Submit
memory/2052-156-0x00007FFD60140000-0x00007FFD60150000-memory.dmp

Filesize
64KB

Download
memory/2052-138-0x00007FFD60140000-0x00007FFD60150000-memory.dmp

Filesize
64KB

Download
memory/4600-174-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4600-202-0x0000000010000000-0x00000000100DF000-memory.dmp

Filesize
892KB

Download
memory/4600-207-0x0000000075C00000-0x0000000075C10000-memory.dmp

Filesize
64KB

Download
memory/4600-181-0x0000000075C00000-0x0000000075C10000-memory.dmp

Filesize
64KB

Download
memory/4600-178-0x0000000010000000-0x00000000100DF000-memory.dmp

Filesize
892KB

Download
memory/4600-237-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4600-238-0x0000000010000000-0x00000000100DF000-memory.dmp

Filesize
892KB

Download
memory/4936-216-0x0000000010000000-0x00000000100DF000-memory.dmp

Filesize
892KB

Download
memory/4936-209-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4936-226-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4936-227-0x0000000010000000-0x00000000100DF000-memory.dmp

Filesize
892KB

Download