c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f

Analysis

max time kernel
127s
max time network
294s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
30-08-2023 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe
Size

1.3MB
MD5

7b9e51830ca279f231efe1aea149c607
SHA1

8719690061691d5301927df5f9e4450f9872b2f6
SHA256

c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f
SHA512

f1caa659ae970707069f5f82ea45e4f0923f73ab8b111137bc1471fe017bbe0762011653dc4a37ff6d6679a7c5c553a030b5a9f9da5677181912ba38c55e7271
SSDEEP

24576:o80iztSjOYYELrf92tsedlF0dI5C0f7ggiGZduAEWFndCm6+EbE6PzFZ:j0izGOYYELrV2tsedlF0dI5C0f7ggiGI

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000\Software\Microsoft\Windows\CurrentVersion\Run\AppLaunch = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\""	AppLaunch.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
13	ip-api.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2724 set thread context of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	AppLaunch.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
404	2724	WerFault.exe	69

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4240	schtasks.exe
3244	schtasks.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2464	powershell.exe
2464	powershell.exe
2464	powershell.exe
5040	powershell.exe
5040	powershell.exe
5040	powershell.exe
3516	powershell.exe
3516	powershell.exe
3516	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2464	powershell.exe
Token: SeDebugPrivilege	5040	powershell.exe
Token: SeDebugPrivilege	3516	powershell.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 4800	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	71
PID 2724 wrote to memory of 4800	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	71
PID 2724 wrote to memory of 4800	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	71
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 2724 wrote to memory of 4132	2724	c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe	72
PID 4132 wrote to memory of 2464	4132	AppLaunch.exe	75
PID 4132 wrote to memory of 2464	4132	AppLaunch.exe	75
PID 4132 wrote to memory of 2464	4132	AppLaunch.exe	75
PID 2464 wrote to memory of 5040	2464	powershell.exe	77
PID 2464 wrote to memory of 5040	2464	powershell.exe	77
PID 2464 wrote to memory of 5040	2464	powershell.exe	77
PID 4132 wrote to memory of 4240	4132	AppLaunch.exe	79
PID 4132 wrote to memory of 4240	4132	AppLaunch.exe	79
PID 4132 wrote to memory of 4240	4132	AppLaunch.exe	79
PID 4132 wrote to memory of 3516	4132	AppLaunch.exe	80
PID 4132 wrote to memory of 3516	4132	AppLaunch.exe	80
PID 4132 wrote to memory of 3516	4132	AppLaunch.exe	80
PID 4132 wrote to memory of 3244	4132	AppLaunch.exe	83
PID 4132 wrote to memory of 3244	4132	AppLaunch.exe	83
PID 4132 wrote to memory of 3244	4132	AppLaunch.exe	83

C:\Users\Admin\AppData\Local\Temp\c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe
"C:\Users\Admin\AppData\Local\Temp\c219e61d60bfd68b452f62dc0754e73570db1743c770bc6bc1f9c1d66207d04f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4800
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4132
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell "Start-Process <#vkelmambwbd#> powershell <#vkelmambwbd#> -Verb <#vkelmambwbd#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5040
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc daily /st 11:38 /f /tn WindowsSecurityUpdate_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"
    3⤵
    - Creates scheduled task(s)
    PID:4240
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -WindowStyle hidden Add-MpPreference -ExclusionPath "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe" -Force
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3516
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc daily /st 11:38 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    - Creates scheduled task(s)
    PID:3244
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 128
  2⤵
  - Program crash
  PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
6bf0e5945fb9da68e1b03bdaed5f6f8d

SHA1
eed3802c8e4abe3b327c100c99c53d3bbcf8a33d

SHA256
dda58fd16fee83a65c05936b1a070187f2c360024650ecaf857c5e060a6a55f1

SHA512
977a393fdad2b162aa42194ddad6ec8bcab24f81980ff01b1c22c4d59ac268bb5ce947105c968de1a8a66b35023280a1e7709dfea5053385f87141389ebecb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
43ee917a89ec1ea8fc472886d3833f29

SHA1
495eeaf191df0ec12aef741d271267796802edba

SHA256
cb3d5544711d17c45ce7633180f914b88aadc16a15125d2971b2476b1a39e364

SHA512
819f85260dc0280e8a7ec3d0183a404cbff36bb44e21558aefb6ad220197424c9ef626270d9a42d5d210ead04ee70aab23f5436ad853db12f84f766519905a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
17KB

MD5
9ced45e2cfc8622ef1a5f900ffdacc78

SHA1
67ad1e198a591fc160ceb48946b8f1753769fcc1

SHA256
877c107fe4a505311596d3cca0c08cb3d26b1461d905cbcd164e29c3618a039d

SHA512
eb74224821bc70bb0d3ca48b3be09237933c271218c7270f246ea6077a149b7072baef45932f66fabb1577339a3c5a945c19d222c7a8d2c2c5bef0e71d5b2d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ngnracos.yhb.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/2464-189-0x0000000007430000-0x0000000007496000-memory.dmp

Filesize
408KB

Download
memory/2464-208-0x0000000008C50000-0x0000000008CE4000-memory.dmp

Filesize
592KB

Download
memory/2464-183-0x0000000004390000-0x00000000043A0000-memory.dmp

Filesize
64KB

Download
memory/2464-184-0x0000000004260000-0x0000000004296000-memory.dmp

Filesize
216KB

Download
memory/2464-185-0x0000000004390000-0x00000000043A0000-memory.dmp

Filesize
64KB

Download
memory/2464-186-0x0000000006D90000-0x00000000073B8000-memory.dmp

Filesize
6.2MB

Download
memory/2464-227-0x0000000071F70000-0x000000007265E000-memory.dmp

Filesize
6.9MB

Download
memory/2464-218-0x0000000004390000-0x00000000043A0000-memory.dmp

Filesize
64KB

Download
memory/2464-211-0x00000000091F0000-0x00000000096EE000-memory.dmp

Filesize
5.0MB

Download
memory/2464-210-0x0000000008BE0000-0x0000000008C02000-memory.dmp

Filesize
136KB

Download
memory/2464-209-0x0000000008B70000-0x0000000008B8A000-memory.dmp

Filesize
104KB

Download
memory/2464-187-0x0000000006CD0000-0x0000000006CF2000-memory.dmp

Filesize
136KB

Download
memory/2464-188-0x00000000075A0000-0x0000000007606000-memory.dmp

Filesize
408KB

Download
memory/2464-193-0x0000000007D50000-0x0000000007DC6000-memory.dmp

Filesize
472KB

Download
memory/2464-192-0x0000000007F90000-0x0000000007FDB000-memory.dmp

Filesize
300KB

Download
memory/2464-191-0x0000000007410000-0x000000000742C000-memory.dmp

Filesize
112KB

Download
memory/2464-190-0x00000000076F0000-0x0000000007A40000-memory.dmp

Filesize
3.3MB

Download
memory/2464-182-0x0000000071F70000-0x000000007265E000-memory.dmp

Filesize
6.9MB

Download
memory/3516-722-0x0000000071F70000-0x000000007265E000-memory.dmp

Filesize
6.9MB

Download
memory/3516-403-0x0000000006730000-0x0000000006740000-memory.dmp

Filesize
64KB

Download
memory/3516-503-0x0000000006730000-0x0000000006740000-memory.dmp

Filesize
64KB

Download
memory/3516-498-0x000000007EBF0000-0x000000007EC00000-memory.dmp

Filesize
64KB

Download
memory/3516-397-0x0000000071F70000-0x000000007265E000-memory.dmp

Filesize
6.9MB

Download
memory/3516-400-0x0000000006730000-0x0000000006740000-memory.dmp

Filesize
64KB

Download
memory/4132-25-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-27-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-30-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-31-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-32-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-33-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-34-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-36-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-35-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-37-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-38-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-39-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-40-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-41-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-42-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-44-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-45-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-43-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-46-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-47-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-48-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-49-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-51-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-50-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-52-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-53-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-54-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-55-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-56-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-57-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-58-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-59-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-60-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-61-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-62-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-63-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-64-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-72-0x00000000772D2000-0x00000000772D3000-memory.dmp

Filesize
4KB

Download
memory/4132-112-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/4132-28-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-0-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/4132-29-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-22-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-26-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-24-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-23-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-21-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-20-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-18-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-19-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-17-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-16-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-15-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-14-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-13-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-12-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-11-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-1-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/4132-2-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/4132-4-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/4132-9-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-10-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-5-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-3-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-7-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-8-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/4132-6-0x00000000FEC00000-0x00000000FEC10000-memory.dmp

Filesize
64KB

Download
memory/5040-477-0x00000000072D0000-0x00000000072EA000-memory.dmp

Filesize
104KB

Download
memory/5040-380-0x0000000007050000-0x0000000007060000-memory.dmp

Filesize
64KB

Download
memory/5040-393-0x0000000007050000-0x0000000007060000-memory.dmp

Filesize
64KB

Download
memory/5040-252-0x0000000007050000-0x0000000007060000-memory.dmp

Filesize
64KB

Download
memory/5040-251-0x0000000009AB0000-0x0000000009B55000-memory.dmp

Filesize
660KB

Download
memory/5040-246-0x00000000096A0000-0x00000000096BE000-memory.dmp

Filesize
120KB

Download
memory/5040-376-0x0000000071F70000-0x000000007265E000-memory.dmp

Filesize
6.9MB

Download
memory/5040-484-0x00000000072C0000-0x00000000072C8000-memory.dmp

Filesize
32KB

Download
memory/5040-223-0x0000000007050000-0x0000000007060000-memory.dmp

Filesize
64KB

Download
memory/5040-245-0x00000000096C0000-0x00000000096F3000-memory.dmp

Filesize
204KB

Download
memory/5040-495-0x0000000007050000-0x0000000007060000-memory.dmp

Filesize
64KB

Download
memory/5040-578-0x0000000071F70000-0x000000007265E000-memory.dmp

Filesize
6.9MB

Download
memory/5040-221-0x0000000071F70000-0x000000007265E000-memory.dmp

Filesize
6.9MB

Download
memory/5040-222-0x0000000007050000-0x0000000007060000-memory.dmp

Filesize
64KB

Download