148b06879b0d52f2c9a42e45ced9a99fa62bc4fcc0634257a72abcd5148b6104

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.1MB
MD5

ba8aa599a7b57f8b7bd935a471b21b86
SHA1

f337411ad1e0e55811d79e44e7468681502a7838
SHA256

148b06879b0d52f2c9a42e45ced9a99fa62bc4fcc0634257a72abcd5148b6104
SHA512

e0771a972cae3f327f39fc4fcd575660c73458f3d079d06902fa6b071ccd852bf1d0613942ff5761b7e2b881548d29f58c184fb5688654dea8603cf5299937bd
SSDEEP

24576:Ay3Oz1Vq05o78/FKkTQvwMOGmyjzTuyaqk:H3O5V9S85Sw4zTuy

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	AppLaunch.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	AppLaunch.exe

Executes dropped EXE 4 IoCs

pid	Process
1076	EH1AB78.exe
1356	hI2xl93.exe
3032	DR4vJ64.exe
2752	1Yk90jO3.exe

Loads dropped DLL 12 IoCs

pid	Process
1944	file.exe
1076	EH1AB78.exe
1076	EH1AB78.exe
1356	hI2xl93.exe
1356	hI2xl93.exe
3032	DR4vJ64.exe
3032	DR4vJ64.exe
2752	1Yk90jO3.exe
2860	WerFault.exe
2860	WerFault.exe
2860	WerFault.exe
2860	WerFault.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	hI2xl93.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	DR4vJ64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	file.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	EH1AB78.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2752 set thread context of 2628	2752	1Yk90jO3.exe	32

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2860	2752	WerFault.exe	31

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2628	AppLaunch.exe
2628	AppLaunch.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2628	AppLaunch.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1076	1944	file.exe	28
PID 1944 wrote to memory of 1076	1944	file.exe	28
PID 1944 wrote to memory of 1076	1944	file.exe	28
PID 1944 wrote to memory of 1076	1944	file.exe	28
PID 1944 wrote to memory of 1076	1944	file.exe	28
PID 1944 wrote to memory of 1076	1944	file.exe	28
PID 1944 wrote to memory of 1076	1944	file.exe	28
PID 1076 wrote to memory of 1356	1076	EH1AB78.exe	29
PID 1076 wrote to memory of 1356	1076	EH1AB78.exe	29
PID 1076 wrote to memory of 1356	1076	EH1AB78.exe	29
PID 1076 wrote to memory of 1356	1076	EH1AB78.exe	29
PID 1076 wrote to memory of 1356	1076	EH1AB78.exe	29
PID 1076 wrote to memory of 1356	1076	EH1AB78.exe	29
PID 1076 wrote to memory of 1356	1076	EH1AB78.exe	29
PID 1356 wrote to memory of 3032	1356	hI2xl93.exe	30
PID 1356 wrote to memory of 3032	1356	hI2xl93.exe	30
PID 1356 wrote to memory of 3032	1356	hI2xl93.exe	30
PID 1356 wrote to memory of 3032	1356	hI2xl93.exe	30
PID 1356 wrote to memory of 3032	1356	hI2xl93.exe	30
PID 1356 wrote to memory of 3032	1356	hI2xl93.exe	30
PID 1356 wrote to memory of 3032	1356	hI2xl93.exe	30
PID 3032 wrote to memory of 2752	3032	DR4vJ64.exe	31
PID 3032 wrote to memory of 2752	3032	DR4vJ64.exe	31
PID 3032 wrote to memory of 2752	3032	DR4vJ64.exe	31
PID 3032 wrote to memory of 2752	3032	DR4vJ64.exe	31
PID 3032 wrote to memory of 2752	3032	DR4vJ64.exe	31
PID 3032 wrote to memory of 2752	3032	DR4vJ64.exe	31
PID 3032 wrote to memory of 2752	3032	DR4vJ64.exe	31
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2628	2752	1Yk90jO3.exe	32
PID 2752 wrote to memory of 2860	2752	1Yk90jO3.exe	33
PID 2752 wrote to memory of 2860	2752	1Yk90jO3.exe	33
PID 2752 wrote to memory of 2860	2752	1Yk90jO3.exe	33
PID 2752 wrote to memory of 2860	2752	1Yk90jO3.exe	33
PID 2752 wrote to memory of 2860	2752	1Yk90jO3.exe	33
PID 2752 wrote to memory of 2860	2752	1Yk90jO3.exe	33
PID 2752 wrote to memory of 2860	2752	1Yk90jO3.exe	33

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\EH1AB78.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\EH1AB78.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1076
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hI2xl93.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hI2xl93.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\DR4vJ64.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\DR4vJ64.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2752
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        Modifies Windows Defender Real-time Protection settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 284
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\EH1AB78.exe

Filesize
958KB

MD5
e3d8dee7966487646b87311f2ab7df61

SHA1
255e6d2def78cab90feaf37d8437db8c1e0c9d0c

SHA256
acca43ec629dece9051163c68ec8372893d4697e9343bf5c505a8ed25bd7282b

SHA512
80a84b8ce84db9fe03673a57c9b2a72640775011b3f228dc997b2aad83d8f57041bb0ce68a03fd53a8238cc3f640c82a883684d7367802908712f2c9feb7c3c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\EH1AB78.exe

Filesize
958KB

MD5
e3d8dee7966487646b87311f2ab7df61

SHA1
255e6d2def78cab90feaf37d8437db8c1e0c9d0c

SHA256
acca43ec629dece9051163c68ec8372893d4697e9343bf5c505a8ed25bd7282b

SHA512
80a84b8ce84db9fe03673a57c9b2a72640775011b3f228dc997b2aad83d8f57041bb0ce68a03fd53a8238cc3f640c82a883684d7367802908712f2c9feb7c3c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hI2xl93.exe

Filesize
656KB

MD5
648f3f83cc75de9a2a3ebca5ddd0c085

SHA1
97c3629530595d3d2a401bbccaf45c343893af19

SHA256
c35308814454b8898549eae3f67b9f95bd00f7d58754a1019cb849c5cc879903

SHA512
b9dc3f0c6b2496b8bf867fa5ab9765f5ca932c2b7278287d51b0404c9f1b916fe39dd324e8d1ab6fca6aa1a4f4b93ca45c2c45309cb07b859e1bb5ba459ec8ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hI2xl93.exe

Filesize
656KB

MD5
648f3f83cc75de9a2a3ebca5ddd0c085

SHA1
97c3629530595d3d2a401bbccaf45c343893af19

SHA256
c35308814454b8898549eae3f67b9f95bd00f7d58754a1019cb849c5cc879903

SHA512
b9dc3f0c6b2496b8bf867fa5ab9765f5ca932c2b7278287d51b0404c9f1b916fe39dd324e8d1ab6fca6aa1a4f4b93ca45c2c45309cb07b859e1bb5ba459ec8ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\DR4vJ64.exe

Filesize
403KB

MD5
4abdf683bcda19b1341db85198d59099

SHA1
408a1494c9be064ee0f2839bdf68166082f13162

SHA256
5f5572a0d4ab50b4cbfaf055449ef21eea78d66bcb74efc3b72233bc6a18beae

SHA512
acaafd4d9bc35f98a8770f2b75ef294ec67fe5322a514194ad07f768193f833cae58ab3501bc1172e54f1eba3570728147fe739df62e8cef4bd35983adaed5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\DR4vJ64.exe

Filesize
403KB

MD5
4abdf683bcda19b1341db85198d59099

SHA1
408a1494c9be064ee0f2839bdf68166082f13162

SHA256
5f5572a0d4ab50b4cbfaf055449ef21eea78d66bcb74efc3b72233bc6a18beae

SHA512
acaafd4d9bc35f98a8770f2b75ef294ec67fe5322a514194ad07f768193f833cae58ab3501bc1172e54f1eba3570728147fe739df62e8cef4bd35983adaed5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe

Filesize
277KB

MD5
16c62d7d591ca463a88aac31d5599fd4

SHA1
ece3e17d693084ed8ce3d822e9a1c51732494146

SHA256
9f920498d639433242ed859827d8071275ae16dde492e6099316f1b8cf1ed5dc

SHA512
0debcb0130199129f0467e5865d9b50000c0e05fb998b3f16a6992937e2ecd487580063603417da247f5a95a4a028bc1e04afb54a21ab7b4ddeca9863d5410fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe

Filesize
277KB

MD5
16c62d7d591ca463a88aac31d5599fd4

SHA1
ece3e17d693084ed8ce3d822e9a1c51732494146

SHA256
9f920498d639433242ed859827d8071275ae16dde492e6099316f1b8cf1ed5dc

SHA512
0debcb0130199129f0467e5865d9b50000c0e05fb998b3f16a6992937e2ecd487580063603417da247f5a95a4a028bc1e04afb54a21ab7b4ddeca9863d5410fe

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\EH1AB78.exe

Filesize
958KB

MD5
e3d8dee7966487646b87311f2ab7df61

SHA1
255e6d2def78cab90feaf37d8437db8c1e0c9d0c

SHA256
acca43ec629dece9051163c68ec8372893d4697e9343bf5c505a8ed25bd7282b

SHA512
80a84b8ce84db9fe03673a57c9b2a72640775011b3f228dc997b2aad83d8f57041bb0ce68a03fd53a8238cc3f640c82a883684d7367802908712f2c9feb7c3c9

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\EH1AB78.exe

Filesize
958KB

MD5
e3d8dee7966487646b87311f2ab7df61

SHA1
255e6d2def78cab90feaf37d8437db8c1e0c9d0c

SHA256
acca43ec629dece9051163c68ec8372893d4697e9343bf5c505a8ed25bd7282b

SHA512
80a84b8ce84db9fe03673a57c9b2a72640775011b3f228dc997b2aad83d8f57041bb0ce68a03fd53a8238cc3f640c82a883684d7367802908712f2c9feb7c3c9

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\hI2xl93.exe

Filesize
656KB

MD5
648f3f83cc75de9a2a3ebca5ddd0c085

SHA1
97c3629530595d3d2a401bbccaf45c343893af19

SHA256
c35308814454b8898549eae3f67b9f95bd00f7d58754a1019cb849c5cc879903

SHA512
b9dc3f0c6b2496b8bf867fa5ab9765f5ca932c2b7278287d51b0404c9f1b916fe39dd324e8d1ab6fca6aa1a4f4b93ca45c2c45309cb07b859e1bb5ba459ec8ca

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\hI2xl93.exe

Filesize
656KB

MD5
648f3f83cc75de9a2a3ebca5ddd0c085

SHA1
97c3629530595d3d2a401bbccaf45c343893af19

SHA256
c35308814454b8898549eae3f67b9f95bd00f7d58754a1019cb849c5cc879903

SHA512
b9dc3f0c6b2496b8bf867fa5ab9765f5ca932c2b7278287d51b0404c9f1b916fe39dd324e8d1ab6fca6aa1a4f4b93ca45c2c45309cb07b859e1bb5ba459ec8ca

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\DR4vJ64.exe

Filesize
403KB

MD5
4abdf683bcda19b1341db85198d59099

SHA1
408a1494c9be064ee0f2839bdf68166082f13162

SHA256
5f5572a0d4ab50b4cbfaf055449ef21eea78d66bcb74efc3b72233bc6a18beae

SHA512
acaafd4d9bc35f98a8770f2b75ef294ec67fe5322a514194ad07f768193f833cae58ab3501bc1172e54f1eba3570728147fe739df62e8cef4bd35983adaed5b6

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\DR4vJ64.exe

Filesize
403KB

MD5
4abdf683bcda19b1341db85198d59099

SHA1
408a1494c9be064ee0f2839bdf68166082f13162

SHA256
5f5572a0d4ab50b4cbfaf055449ef21eea78d66bcb74efc3b72233bc6a18beae

SHA512
acaafd4d9bc35f98a8770f2b75ef294ec67fe5322a514194ad07f768193f833cae58ab3501bc1172e54f1eba3570728147fe739df62e8cef4bd35983adaed5b6

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe

Filesize
277KB

MD5
16c62d7d591ca463a88aac31d5599fd4

SHA1
ece3e17d693084ed8ce3d822e9a1c51732494146

SHA256
9f920498d639433242ed859827d8071275ae16dde492e6099316f1b8cf1ed5dc

SHA512
0debcb0130199129f0467e5865d9b50000c0e05fb998b3f16a6992937e2ecd487580063603417da247f5a95a4a028bc1e04afb54a21ab7b4ddeca9863d5410fe

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe

Filesize
277KB

MD5
16c62d7d591ca463a88aac31d5599fd4

SHA1
ece3e17d693084ed8ce3d822e9a1c51732494146

SHA256
9f920498d639433242ed859827d8071275ae16dde492e6099316f1b8cf1ed5dc

SHA512
0debcb0130199129f0467e5865d9b50000c0e05fb998b3f16a6992937e2ecd487580063603417da247f5a95a4a028bc1e04afb54a21ab7b4ddeca9863d5410fe

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe

Filesize
277KB

MD5
16c62d7d591ca463a88aac31d5599fd4

SHA1
ece3e17d693084ed8ce3d822e9a1c51732494146

SHA256
9f920498d639433242ed859827d8071275ae16dde492e6099316f1b8cf1ed5dc

SHA512
0debcb0130199129f0467e5865d9b50000c0e05fb998b3f16a6992937e2ecd487580063603417da247f5a95a4a028bc1e04afb54a21ab7b4ddeca9863d5410fe

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe

Filesize
277KB

MD5
16c62d7d591ca463a88aac31d5599fd4

SHA1
ece3e17d693084ed8ce3d822e9a1c51732494146

SHA256
9f920498d639433242ed859827d8071275ae16dde492e6099316f1b8cf1ed5dc

SHA512
0debcb0130199129f0467e5865d9b50000c0e05fb998b3f16a6992937e2ecd487580063603417da247f5a95a4a028bc1e04afb54a21ab7b4ddeca9863d5410fe

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe

Filesize
277KB

MD5
16c62d7d591ca463a88aac31d5599fd4

SHA1
ece3e17d693084ed8ce3d822e9a1c51732494146

SHA256
9f920498d639433242ed859827d8071275ae16dde492e6099316f1b8cf1ed5dc

SHA512
0debcb0130199129f0467e5865d9b50000c0e05fb998b3f16a6992937e2ecd487580063603417da247f5a95a4a028bc1e04afb54a21ab7b4ddeca9863d5410fe

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Yk90jO3.exe

Filesize
277KB

MD5
16c62d7d591ca463a88aac31d5599fd4

SHA1
ece3e17d693084ed8ce3d822e9a1c51732494146

SHA256
9f920498d639433242ed859827d8071275ae16dde492e6099316f1b8cf1ed5dc

SHA512
0debcb0130199129f0467e5865d9b50000c0e05fb998b3f16a6992937e2ecd487580063603417da247f5a95a4a028bc1e04afb54a21ab7b4ddeca9863d5410fe

Download Submit
memory/2628-40-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2628-41-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2628-42-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2628-43-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2628-44-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2628-45-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2628-47-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2628-49-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download