Overview

overview

10

Static

static

3

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-08-2023 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    458KB

  • MD5

    bfa40de5db5a15e0317dd72d982083dc

  • SHA1

    fb93616799e85771a028944148bad57b15d0289b

  • SHA256

    0feeb8481e07c0d5c1973f7a1644b788d56c9616c82ae0ce73505893664804a1

  • SHA512

    cb39b9299485795ea810cb8f36b65bb3b816c37b7edd580bacccfaa8f9c222e0ebe08418ebef28512a2e87fc0ed758d5c6b3c445dfa5900e64d911fded2043c0

  • SSDEEP

    6144:uK7EhfK4NKt9R8czLM0KGAFmLYYZMi/DQ/n0WvVhSOKi1UT:x7ElnUtkwLeNkZX/KvVcL

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3476
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4224
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3880
        • \??\c:\windows\system32\cmstp.exe
          "c:\windows\system32\cmstp.exe" /au C:\Users\Admin\AppData\Local\Temp\irdq4iho.inf
          4⤵
            PID:3420
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4460
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1120
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cortana.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:5072
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cortana.exe
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3308
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\OneDrive.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:644
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\OneDrive.exe
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4336
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3456
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2352
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SystemSettings.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4780
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SystemSettings.exe
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3048
    • C:\Windows\system32\taskkill.exe
      taskkill /IM cmstp.exe /F
      1⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2964

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
      Filesize

      2KB

      MD5

      d85ba6ff808d9e5444a4b369f5bc2730

      SHA1

      31aa9d96590fff6981b315e0b391b575e4c0804a

      SHA256

      84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

      SHA512

      8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      944B

      MD5

      6d3e9c29fe44e90aae6ed30ccf799ca8

      SHA1

      c7974ef72264bbdf13a2793ccf1aed11bc565dce

      SHA256

      2360634e63e8f0b5748e2c56ebb8f4aa78e71008ea7b5c9ca1c49be03b49557d

      SHA512

      60c38c4367352537545d859f64b9c5cbada94240478d1d039fd27b5ecba4dc1c90051557c16d802269703b873546ead416279c0a80c6fd5e49ad361cef22596a

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      944B

      MD5

      6d3e9c29fe44e90aae6ed30ccf799ca8

      SHA1

      c7974ef72264bbdf13a2793ccf1aed11bc565dce

      SHA256

      2360634e63e8f0b5748e2c56ebb8f4aa78e71008ea7b5c9ca1c49be03b49557d

      SHA512

      60c38c4367352537545d859f64b9c5cbada94240478d1d039fd27b5ecba4dc1c90051557c16d802269703b873546ead416279c0a80c6fd5e49ad361cef22596a

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      944B

      MD5

      cadef9abd087803c630df65264a6c81c

      SHA1

      babbf3636c347c8727c35f3eef2ee643dbcc4bd2

      SHA256

      cce65b73cdfe9304bcd5207913e8b60fb69faa20cd3b684f2b0343b755b99438

      SHA512

      7278aa87124abb382d9024a645e881e7b7cf1b84e8894943b36e018dbf0399e6858392f77980b599fa5488e2e21bf757a0702fe6419417edac93b68e0c2ec085

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      944B

      MD5

      cadef9abd087803c630df65264a6c81c

      SHA1

      babbf3636c347c8727c35f3eef2ee643dbcc4bd2

      SHA256

      cce65b73cdfe9304bcd5207913e8b60fb69faa20cd3b684f2b0343b755b99438

      SHA512

      7278aa87124abb382d9024a645e881e7b7cf1b84e8894943b36e018dbf0399e6858392f77980b599fa5488e2e21bf757a0702fe6419417edac93b68e0c2ec085

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qu0eb5wb.ymp.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\irdq4iho.inf
      Filesize

      619B

      MD5

      6f1420f2133f3e08fd8cdea0e1f5fe27

      SHA1

      3aa41ec75adc0cf50e001ca91bbfa7f763adf70b

      SHA256

      aed1ac2424a255f231168bcb02f16b6ea89603e0045465c2149abcde33a06242

      SHA512

      d5629e9835f881cd271e88d9ec2d2c27b9d5d1b25329ade5cfb9824a6358c9e98e66f1b89ac9459b4c540c02af2728129dd8523bdf007cadf28b5fa2d199a2aa

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
      Filesize

      133KB

      MD5

      247976d7e405bfd0f716a3d5f2cd499b

      SHA1

      dbcf03a94b3cced51ebe42af6f860e8d898f2459

      SHA256

      c37430f6f2249e0faff20595f0677955cd2c1f727f94bff53f21ecc894e340f6

      SHA512

      664b189c6b99b8927bb6fdb52c2c3f0031e88edc1dac80c8f6da5682ac30f17f295bed739df56e4bb754dca773c9eeb4e4b56fc3c36ccda0ab182ad54dd7edad

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
      Filesize

      133KB

      MD5

      247976d7e405bfd0f716a3d5f2cd499b

      SHA1

      dbcf03a94b3cced51ebe42af6f860e8d898f2459

      SHA256

      c37430f6f2249e0faff20595f0677955cd2c1f727f94bff53f21ecc894e340f6

      SHA512

      664b189c6b99b8927bb6fdb52c2c3f0031e88edc1dac80c8f6da5682ac30f17f295bed739df56e4bb754dca773c9eeb4e4b56fc3c36ccda0ab182ad54dd7edad

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
      Filesize

      133KB

      MD5

      247976d7e405bfd0f716a3d5f2cd499b

      SHA1

      dbcf03a94b3cced51ebe42af6f860e8d898f2459

      SHA256

      c37430f6f2249e0faff20595f0677955cd2c1f727f94bff53f21ecc894e340f6

      SHA512

      664b189c6b99b8927bb6fdb52c2c3f0031e88edc1dac80c8f6da5682ac30f17f295bed739df56e4bb754dca773c9eeb4e4b56fc3c36ccda0ab182ad54dd7edad

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      Filesize

      339KB

      MD5

      301e8d9a2445dd999ce816c17d8dbbb3

      SHA1

      b91163babeb738bd4d0f577ac764cee17fffe564

      SHA256

      2ea1fa52a6896ce0100084e3696712d76b4d1e995ca0012954bae3107562a9eb

      SHA512

      4941a820d26206fa3e333419622c3b07c8ebdaad51d1c6976df912e9ec123ad39a0c67fb5c3e362658f8463b366892fc4575d4cc2ebe62c2011d10ed5eb6bba3

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      Filesize

      339KB

      MD5

      301e8d9a2445dd999ce816c17d8dbbb3

      SHA1

      b91163babeb738bd4d0f577ac764cee17fffe564

      SHA256

      2ea1fa52a6896ce0100084e3696712d76b4d1e995ca0012954bae3107562a9eb

      SHA512

      4941a820d26206fa3e333419622c3b07c8ebdaad51d1c6976df912e9ec123ad39a0c67fb5c3e362658f8463b366892fc4575d4cc2ebe62c2011d10ed5eb6bba3

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      Filesize

      339KB

      MD5

      301e8d9a2445dd999ce816c17d8dbbb3

      SHA1

      b91163babeb738bd4d0f577ac764cee17fffe564

      SHA256

      2ea1fa52a6896ce0100084e3696712d76b4d1e995ca0012954bae3107562a9eb

      SHA512

      4941a820d26206fa3e333419622c3b07c8ebdaad51d1c6976df912e9ec123ad39a0c67fb5c3e362658f8463b366892fc4575d4cc2ebe62c2011d10ed5eb6bba3

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe
      Filesize

      10KB

      MD5

      8ca62e1f3f7edca67a5273d76fb500c0

      SHA1

      f2a3e8ff64bca7a4fb8d59e9b5057e2b881d80f3

      SHA256

      86c884bbd715562ca5f97743e2f9efa0041eef10c6856e21ee7b6c5c87c9f738

      SHA512

      936d2968a8e8106f734cb6f2a39c15bafa9cae177a3e52a59ef5832b541f7381da722316d77a4cbe2e07124d14986a29d1babb847c87c861d8b355fa8979e4f6

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe
      Filesize

      10KB

      MD5

      8ca62e1f3f7edca67a5273d76fb500c0

      SHA1

      f2a3e8ff64bca7a4fb8d59e9b5057e2b881d80f3

      SHA256

      86c884bbd715562ca5f97743e2f9efa0041eef10c6856e21ee7b6c5c87c9f738

      SHA512

      936d2968a8e8106f734cb6f2a39c15bafa9cae177a3e52a59ef5832b541f7381da722316d77a4cbe2e07124d14986a29d1babb847c87c861d8b355fa8979e4f6

      Download Submit
    • memory/1120-210-0x000001ED22FB0000-0x000001ED22FD2000-memory.dmp
      Filesize

      136KB

      Download
    • memory/1120-236-0x000001ED211F0000-0x000001ED21200000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1120-284-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/1120-211-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/1120-217-0x000001ED211F0000-0x000001ED21200000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1120-216-0x000001ED211F0000-0x000001ED21200000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1120-276-0x000001ED3B260000-0x000001ED3B3AE000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1120-222-0x000001ED211F0000-0x000001ED21200000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2352-270-0x0000022223820000-0x0000022223830000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2352-266-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/2352-235-0x0000022223820000-0x0000022223830000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2352-289-0x000002223D860000-0x000002223D9AE000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2352-292-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/3048-246-0x000001AEEBCF0000-0x000001AEEBD00000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3048-294-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/3048-267-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/3048-293-0x000001AEEBE00000-0x000001AEEBF4E000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/3048-268-0x000001AEEBCF0000-0x000001AEEBD00000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3308-219-0x00000251C1F40000-0x00000251C1F50000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3308-221-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/3308-273-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/3308-218-0x00000251C1F40000-0x00000251C1F50000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3308-283-0x00000251C2080000-0x00000251C21CE000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/3308-286-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/3476-142-0x000000001BFB0000-0x000000001C04C000-memory.dmp
      Filesize

      624KB

      Download
    • memory/3476-141-0x000000001C210000-0x000000001C6DE000-memory.dmp
      Filesize

      4.8MB

      Download
    • memory/3476-134-0x00007FFFD3700000-0x00007FFFD40A1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/3476-137-0x0000000000E10000-0x0000000000E3C000-memory.dmp
      Filesize

      176KB

      Download
    • memory/3476-136-0x0000000000D80000-0x0000000000D90000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3476-135-0x00007FFFD3700000-0x00007FFFD40A1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/3476-140-0x000000001B9F0000-0x000000001BA96000-memory.dmp
      Filesize

      664KB

      Download
    • memory/3476-163-0x00007FFFD3700000-0x00007FFFD40A1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/3476-133-0x0000000000460000-0x00000000004D8000-memory.dmp
      Filesize

      480KB

      Download
    • memory/3880-191-0x000000001B410000-0x000000001B420000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3880-195-0x000000001B410000-0x000000001B420000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3880-197-0x000000001B410000-0x000000001B420000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3880-188-0x00000000007A0000-0x00000000007C6000-memory.dmp
      Filesize

      152KB

      Download
    • memory/3880-190-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/3880-271-0x000000001B410000-0x000000001B420000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3880-272-0x000000001B410000-0x000000001B420000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3880-265-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/4224-164-0x0000000001370000-0x0000000001378000-memory.dmp
      Filesize

      32KB

      Download
    • memory/4224-162-0x00007FFFD3700000-0x00007FFFD40A1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/4224-165-0x00007FFFD3700000-0x00007FFFD40A1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/4224-189-0x00007FFFD3700000-0x00007FFFD40A1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/4224-172-0x00007FFFD3700000-0x00007FFFD40A1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/4224-161-0x0000000000A80000-0x0000000000ADA000-memory.dmp
      Filesize

      360KB

      Download
    • memory/4336-233-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/4336-285-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/4336-280-0x000001A91BEE0000-0x000001A91C02E000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/4336-269-0x000001A91BC60000-0x000001A91BC70000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4336-234-0x000001A91BC60000-0x000001A91BC70000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4336-232-0x000001A91BC60000-0x000001A91BC70000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4460-204-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/4460-202-0x00007FFFD1100000-0x00007FFFD1BC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/4460-201-0x0000000000460000-0x0000000000468000-memory.dmp
      Filesize

      32KB

      Download