4b2cf734a9445d26b4cd0105201beda40f0030fa6696771f914d73940b4de4d7

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.1MB
MD5

18c40733fb38d25befffc2a5519125fe
SHA1

4c78751a2781324962dcea5fff0d45fe2303210e
SHA256

4b2cf734a9445d26b4cd0105201beda40f0030fa6696771f914d73940b4de4d7
SHA512

876f6006bf67a6739394fc46b6b944b4ec9f26ed8118c58b1eadedb2c8150ced96bc8bfa1808de9b985853eefd675c7e602d1cc522726f98da5c797b9511771a
SSDEEP

24576:Nyn5/PNXQr4thzzIOdN5+d0gNayNSXaX3LPFoHGnPtM:o5xQrSdCwyNj3LPFomP

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	AppLaunch.exe

Executes dropped EXE 4 IoCs

pid	Process
2452	ab7tG50.exe
2652	rE3xu90.exe
2728	PO6yx19.exe
2800	1BF35uC0.exe

Loads dropped DLL 12 IoCs

pid	Process
2412	file.exe
2452	ab7tG50.exe
2452	ab7tG50.exe
2652	rE3xu90.exe
2652	rE3xu90.exe
2728	PO6yx19.exe
2728	PO6yx19.exe
2800	1BF35uC0.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	file.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	ab7tG50.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	rE3xu90.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	PO6yx19.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2800 set thread context of 2640	2800	1BF35uC0.exe	32

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2924	2800	WerFault.exe	31

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2640	AppLaunch.exe
2640	AppLaunch.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2640	AppLaunch.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2452	2412	file.exe	28
PID 2412 wrote to memory of 2452	2412	file.exe	28
PID 2412 wrote to memory of 2452	2412	file.exe	28
PID 2412 wrote to memory of 2452	2412	file.exe	28
PID 2412 wrote to memory of 2452	2412	file.exe	28
PID 2412 wrote to memory of 2452	2412	file.exe	28
PID 2412 wrote to memory of 2452	2412	file.exe	28
PID 2452 wrote to memory of 2652	2452	ab7tG50.exe	29
PID 2452 wrote to memory of 2652	2452	ab7tG50.exe	29
PID 2452 wrote to memory of 2652	2452	ab7tG50.exe	29
PID 2452 wrote to memory of 2652	2452	ab7tG50.exe	29
PID 2452 wrote to memory of 2652	2452	ab7tG50.exe	29
PID 2452 wrote to memory of 2652	2452	ab7tG50.exe	29
PID 2452 wrote to memory of 2652	2452	ab7tG50.exe	29
PID 2652 wrote to memory of 2728	2652	rE3xu90.exe	30
PID 2652 wrote to memory of 2728	2652	rE3xu90.exe	30
PID 2652 wrote to memory of 2728	2652	rE3xu90.exe	30
PID 2652 wrote to memory of 2728	2652	rE3xu90.exe	30
PID 2652 wrote to memory of 2728	2652	rE3xu90.exe	30
PID 2652 wrote to memory of 2728	2652	rE3xu90.exe	30
PID 2652 wrote to memory of 2728	2652	rE3xu90.exe	30
PID 2728 wrote to memory of 2800	2728	PO6yx19.exe	31
PID 2728 wrote to memory of 2800	2728	PO6yx19.exe	31
PID 2728 wrote to memory of 2800	2728	PO6yx19.exe	31
PID 2728 wrote to memory of 2800	2728	PO6yx19.exe	31
PID 2728 wrote to memory of 2800	2728	PO6yx19.exe	31
PID 2728 wrote to memory of 2800	2728	PO6yx19.exe	31
PID 2728 wrote to memory of 2800	2728	PO6yx19.exe	31
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2640	2800	1BF35uC0.exe	32
PID 2800 wrote to memory of 2924	2800	1BF35uC0.exe	33
PID 2800 wrote to memory of 2924	2800	1BF35uC0.exe	33
PID 2800 wrote to memory of 2924	2800	1BF35uC0.exe	33
PID 2800 wrote to memory of 2924	2800	1BF35uC0.exe	33
PID 2800 wrote to memory of 2924	2800	1BF35uC0.exe	33
PID 2800 wrote to memory of 2924	2800	1BF35uC0.exe	33
PID 2800 wrote to memory of 2924	2800	1BF35uC0.exe	33

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ab7tG50.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ab7tG50.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rE3xu90.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rE3xu90.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\PO6yx19.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\PO6yx19.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2800
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        Modifies Windows Defender Real-time Protection settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 284
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ab7tG50.exe

Filesize
953KB

MD5
64818538c2e95ee869224bf9749a20b5

SHA1
92b71560b0c415795dc8f36d4856c46c0ee5cf6e

SHA256
dc9dd26cf34ec25e8c59f1b167d6a2e140f21ee79b5e96a54ac373bf87ac9381

SHA512
aad9d6685d6d478bcd1026ee25c95ff6cc34d453b00b4c99c60cb80a56a1fdc6126948426089ad8c3bfa81d9605740193a3e19be695a692e2574880200d97187

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ab7tG50.exe

Filesize
953KB

MD5
64818538c2e95ee869224bf9749a20b5

SHA1
92b71560b0c415795dc8f36d4856c46c0ee5cf6e

SHA256
dc9dd26cf34ec25e8c59f1b167d6a2e140f21ee79b5e96a54ac373bf87ac9381

SHA512
aad9d6685d6d478bcd1026ee25c95ff6cc34d453b00b4c99c60cb80a56a1fdc6126948426089ad8c3bfa81d9605740193a3e19be695a692e2574880200d97187

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rE3xu90.exe

Filesize
651KB

MD5
e693a4bb2ad674ac4bb7524ab3f25596

SHA1
8a15bd8c0edd9548507dd7709e72617592177292

SHA256
b661805b166c28d8582f3b82f1bf2f9621fe1e68fb82bf8cb58b5e9b48772b15

SHA512
88ba122d52051e791895ceb1fbb634cbc09908a4f868da2a0009fda35136eacf2de1444ba04c8b245bddb0d6243f8cb45310c00d6f24e276e2ba950d27837735

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rE3xu90.exe

Filesize
651KB

MD5
e693a4bb2ad674ac4bb7524ab3f25596

SHA1
8a15bd8c0edd9548507dd7709e72617592177292

SHA256
b661805b166c28d8582f3b82f1bf2f9621fe1e68fb82bf8cb58b5e9b48772b15

SHA512
88ba122d52051e791895ceb1fbb634cbc09908a4f868da2a0009fda35136eacf2de1444ba04c8b245bddb0d6243f8cb45310c00d6f24e276e2ba950d27837735

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\PO6yx19.exe

Filesize
399KB

MD5
67e0d1bf14ec8e1e10f8004e27012613

SHA1
af3cf11a2755d2f376ae7569229a8c96ebfa0258

SHA256
aa24652c17b925567ab9fe43b7bb09a4daa3cc18535fb777a2e7bb5733533c02

SHA512
ad919ca74f0b29a04ecfe61b5ee1cf86c25c27a2f7d39c574a72e961ddc88836fc7db43bb0835d421013743242f56d207f539aa48a9a4fc6747e25a86ac27d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\PO6yx19.exe

Filesize
399KB

MD5
67e0d1bf14ec8e1e10f8004e27012613

SHA1
af3cf11a2755d2f376ae7569229a8c96ebfa0258

SHA256
aa24652c17b925567ab9fe43b7bb09a4daa3cc18535fb777a2e7bb5733533c02

SHA512
ad919ca74f0b29a04ecfe61b5ee1cf86c25c27a2f7d39c574a72e961ddc88836fc7db43bb0835d421013743242f56d207f539aa48a9a4fc6747e25a86ac27d2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe

Filesize
276KB

MD5
67f171b0317481e8cb3409abf30bd993

SHA1
6f8f6f7f8273c17c3d616772afe421110d350364

SHA256
61489a08cf38b357365c9b47bb371dbdeb68f00b4a2118ffb292908872270e3b

SHA512
5cd08e9266fca332cdc8703d9dbe3b91af3f4b647e71d44d31617b0561cb4060f6cb74ea057b9aff16ae1af34819cc1c6c44f61becc0d5cb77963f94c599391f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe

Filesize
276KB

MD5
67f171b0317481e8cb3409abf30bd993

SHA1
6f8f6f7f8273c17c3d616772afe421110d350364

SHA256
61489a08cf38b357365c9b47bb371dbdeb68f00b4a2118ffb292908872270e3b

SHA512
5cd08e9266fca332cdc8703d9dbe3b91af3f4b647e71d44d31617b0561cb4060f6cb74ea057b9aff16ae1af34819cc1c6c44f61becc0d5cb77963f94c599391f

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ab7tG50.exe

Filesize
953KB

MD5
64818538c2e95ee869224bf9749a20b5

SHA1
92b71560b0c415795dc8f36d4856c46c0ee5cf6e

SHA256
dc9dd26cf34ec25e8c59f1b167d6a2e140f21ee79b5e96a54ac373bf87ac9381

SHA512
aad9d6685d6d478bcd1026ee25c95ff6cc34d453b00b4c99c60cb80a56a1fdc6126948426089ad8c3bfa81d9605740193a3e19be695a692e2574880200d97187

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ab7tG50.exe

Filesize
953KB

MD5
64818538c2e95ee869224bf9749a20b5

SHA1
92b71560b0c415795dc8f36d4856c46c0ee5cf6e

SHA256
dc9dd26cf34ec25e8c59f1b167d6a2e140f21ee79b5e96a54ac373bf87ac9381

SHA512
aad9d6685d6d478bcd1026ee25c95ff6cc34d453b00b4c99c60cb80a56a1fdc6126948426089ad8c3bfa81d9605740193a3e19be695a692e2574880200d97187

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\rE3xu90.exe

Filesize
651KB

MD5
e693a4bb2ad674ac4bb7524ab3f25596

SHA1
8a15bd8c0edd9548507dd7709e72617592177292

SHA256
b661805b166c28d8582f3b82f1bf2f9621fe1e68fb82bf8cb58b5e9b48772b15

SHA512
88ba122d52051e791895ceb1fbb634cbc09908a4f868da2a0009fda35136eacf2de1444ba04c8b245bddb0d6243f8cb45310c00d6f24e276e2ba950d27837735

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\rE3xu90.exe

Filesize
651KB

MD5
e693a4bb2ad674ac4bb7524ab3f25596

SHA1
8a15bd8c0edd9548507dd7709e72617592177292

SHA256
b661805b166c28d8582f3b82f1bf2f9621fe1e68fb82bf8cb58b5e9b48772b15

SHA512
88ba122d52051e791895ceb1fbb634cbc09908a4f868da2a0009fda35136eacf2de1444ba04c8b245bddb0d6243f8cb45310c00d6f24e276e2ba950d27837735

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\PO6yx19.exe

Filesize
399KB

MD5
67e0d1bf14ec8e1e10f8004e27012613

SHA1
af3cf11a2755d2f376ae7569229a8c96ebfa0258

SHA256
aa24652c17b925567ab9fe43b7bb09a4daa3cc18535fb777a2e7bb5733533c02

SHA512
ad919ca74f0b29a04ecfe61b5ee1cf86c25c27a2f7d39c574a72e961ddc88836fc7db43bb0835d421013743242f56d207f539aa48a9a4fc6747e25a86ac27d2c

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\PO6yx19.exe

Filesize
399KB

MD5
67e0d1bf14ec8e1e10f8004e27012613

SHA1
af3cf11a2755d2f376ae7569229a8c96ebfa0258

SHA256
aa24652c17b925567ab9fe43b7bb09a4daa3cc18535fb777a2e7bb5733533c02

SHA512
ad919ca74f0b29a04ecfe61b5ee1cf86c25c27a2f7d39c574a72e961ddc88836fc7db43bb0835d421013743242f56d207f539aa48a9a4fc6747e25a86ac27d2c

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe

Filesize
276KB

MD5
67f171b0317481e8cb3409abf30bd993

SHA1
6f8f6f7f8273c17c3d616772afe421110d350364

SHA256
61489a08cf38b357365c9b47bb371dbdeb68f00b4a2118ffb292908872270e3b

SHA512
5cd08e9266fca332cdc8703d9dbe3b91af3f4b647e71d44d31617b0561cb4060f6cb74ea057b9aff16ae1af34819cc1c6c44f61becc0d5cb77963f94c599391f

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe

Filesize
276KB

MD5
67f171b0317481e8cb3409abf30bd993

SHA1
6f8f6f7f8273c17c3d616772afe421110d350364

SHA256
61489a08cf38b357365c9b47bb371dbdeb68f00b4a2118ffb292908872270e3b

SHA512
5cd08e9266fca332cdc8703d9dbe3b91af3f4b647e71d44d31617b0561cb4060f6cb74ea057b9aff16ae1af34819cc1c6c44f61becc0d5cb77963f94c599391f

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe

Filesize
276KB

MD5
67f171b0317481e8cb3409abf30bd993

SHA1
6f8f6f7f8273c17c3d616772afe421110d350364

SHA256
61489a08cf38b357365c9b47bb371dbdeb68f00b4a2118ffb292908872270e3b

SHA512
5cd08e9266fca332cdc8703d9dbe3b91af3f4b647e71d44d31617b0561cb4060f6cb74ea057b9aff16ae1af34819cc1c6c44f61becc0d5cb77963f94c599391f

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe

Filesize
276KB

MD5
67f171b0317481e8cb3409abf30bd993

SHA1
6f8f6f7f8273c17c3d616772afe421110d350364

SHA256
61489a08cf38b357365c9b47bb371dbdeb68f00b4a2118ffb292908872270e3b

SHA512
5cd08e9266fca332cdc8703d9dbe3b91af3f4b647e71d44d31617b0561cb4060f6cb74ea057b9aff16ae1af34819cc1c6c44f61becc0d5cb77963f94c599391f

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe

Filesize
276KB

MD5
67f171b0317481e8cb3409abf30bd993

SHA1
6f8f6f7f8273c17c3d616772afe421110d350364

SHA256
61489a08cf38b357365c9b47bb371dbdeb68f00b4a2118ffb292908872270e3b

SHA512
5cd08e9266fca332cdc8703d9dbe3b91af3f4b647e71d44d31617b0561cb4060f6cb74ea057b9aff16ae1af34819cc1c6c44f61becc0d5cb77963f94c599391f

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1BF35uC0.exe

Filesize
276KB

MD5
67f171b0317481e8cb3409abf30bd993

SHA1
6f8f6f7f8273c17c3d616772afe421110d350364

SHA256
61489a08cf38b357365c9b47bb371dbdeb68f00b4a2118ffb292908872270e3b

SHA512
5cd08e9266fca332cdc8703d9dbe3b91af3f4b647e71d44d31617b0561cb4060f6cb74ea057b9aff16ae1af34819cc1c6c44f61becc0d5cb77963f94c599391f

Download Submit
memory/2640-40-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2640-41-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2640-42-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2640-43-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2640-45-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2640-44-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2640-47-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2640-49-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download