4fee0bca77540a7d1dc2143464f076777950baaeeba6c07f3e3a679bf3e3094e

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.0MB
MD5

75ed7019ed6f5224bdde1b983e020d26
SHA1

5db5d82f7f049d81baa2ca67904ad0f4b9316334
SHA256

4fee0bca77540a7d1dc2143464f076777950baaeeba6c07f3e3a679bf3e3094e
SHA512

2c1eed6992babdbeb185ad6368fa4ae961ce39226bb7a3ce7eb8f28b2f79c0249d0e6cd6ab28e07887cebf0f1091cfc6a4d77502abc78b2556e6fb1440a3ac87
SSDEEP

24576:HyD+pHMlSRFCFOnafYGiLSDZ65xdmaYbJ+Myy:SD+pHM0RIFeaALSDix0h+My

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	AppLaunch.exe

Executes dropped EXE 4 IoCs

pid	Process
1660	ES5jg70.exe
3068	yc4yS82.exe
2644	qD5sK06.exe
2668	1gD65Bk1.exe

Loads dropped DLL 12 IoCs

pid	Process
2224	file.exe
1660	ES5jg70.exe
1660	ES5jg70.exe
3068	yc4yS82.exe
3068	yc4yS82.exe
2644	qD5sK06.exe
2644	qD5sK06.exe
2668	1gD65Bk1.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	file.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	ES5jg70.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	yc4yS82.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	qD5sK06.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2668 set thread context of 2816	2668	1gD65Bk1.exe	33

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2544	2668	WerFault.exe	31

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	AppLaunch.exe
2816	AppLaunch.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2816	AppLaunch.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1660	2224	file.exe	28
PID 2224 wrote to memory of 1660	2224	file.exe	28
PID 2224 wrote to memory of 1660	2224	file.exe	28
PID 2224 wrote to memory of 1660	2224	file.exe	28
PID 2224 wrote to memory of 1660	2224	file.exe	28
PID 2224 wrote to memory of 1660	2224	file.exe	28
PID 2224 wrote to memory of 1660	2224	file.exe	28
PID 1660 wrote to memory of 3068	1660	ES5jg70.exe	29
PID 1660 wrote to memory of 3068	1660	ES5jg70.exe	29
PID 1660 wrote to memory of 3068	1660	ES5jg70.exe	29
PID 1660 wrote to memory of 3068	1660	ES5jg70.exe	29
PID 1660 wrote to memory of 3068	1660	ES5jg70.exe	29
PID 1660 wrote to memory of 3068	1660	ES5jg70.exe	29
PID 1660 wrote to memory of 3068	1660	ES5jg70.exe	29
PID 3068 wrote to memory of 2644	3068	yc4yS82.exe	30
PID 3068 wrote to memory of 2644	3068	yc4yS82.exe	30
PID 3068 wrote to memory of 2644	3068	yc4yS82.exe	30
PID 3068 wrote to memory of 2644	3068	yc4yS82.exe	30
PID 3068 wrote to memory of 2644	3068	yc4yS82.exe	30
PID 3068 wrote to memory of 2644	3068	yc4yS82.exe	30
PID 3068 wrote to memory of 2644	3068	yc4yS82.exe	30
PID 2644 wrote to memory of 2668	2644	qD5sK06.exe	31
PID 2644 wrote to memory of 2668	2644	qD5sK06.exe	31
PID 2644 wrote to memory of 2668	2644	qD5sK06.exe	31
PID 2644 wrote to memory of 2668	2644	qD5sK06.exe	31
PID 2644 wrote to memory of 2668	2644	qD5sK06.exe	31
PID 2644 wrote to memory of 2668	2644	qD5sK06.exe	31
PID 2644 wrote to memory of 2668	2644	qD5sK06.exe	31
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2816	2668	1gD65Bk1.exe	33
PID 2668 wrote to memory of 2544	2668	1gD65Bk1.exe	34
PID 2668 wrote to memory of 2544	2668	1gD65Bk1.exe	34
PID 2668 wrote to memory of 2544	2668	1gD65Bk1.exe	34
PID 2668 wrote to memory of 2544	2668	1gD65Bk1.exe	34
PID 2668 wrote to memory of 2544	2668	1gD65Bk1.exe	34
PID 2668 wrote to memory of 2544	2668	1gD65Bk1.exe	34
PID 2668 wrote to memory of 2544	2668	1gD65Bk1.exe	34

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ES5jg70.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ES5jg70.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yc4yS82.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yc4yS82.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qD5sK06.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qD5sK06.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2668
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        Modifies Windows Defender Real-time Protection settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 268
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ES5jg70.exe

Filesize
908KB

MD5
5cb5b0d617b76e884749f7316407c35a

SHA1
f623c9c1b0a53bc8f45c9326f32cb7f71acb498e

SHA256
1a5b1906ebe1a438619e61bf1e9aec294d29e0b048aba4542bf516a3bcfd6d22

SHA512
edb9051d87c8cbfcf95dbfc0894e9492e1c4a3240d34629809cad957af24070938129ffda5263f72dfd01a68b0768efb95950b3cb11764422cc4a8748021ca08

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ES5jg70.exe

Filesize
908KB

MD5
5cb5b0d617b76e884749f7316407c35a

SHA1
f623c9c1b0a53bc8f45c9326f32cb7f71acb498e

SHA256
1a5b1906ebe1a438619e61bf1e9aec294d29e0b048aba4542bf516a3bcfd6d22

SHA512
edb9051d87c8cbfcf95dbfc0894e9492e1c4a3240d34629809cad957af24070938129ffda5263f72dfd01a68b0768efb95950b3cb11764422cc4a8748021ca08

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yc4yS82.exe

Filesize
620KB

MD5
868c00a50d9136e54a3a9946698a6384

SHA1
09b4c86ffde7c8696d9c280e1e3d6a51ceac4fa8

SHA256
9247764d9372fd8dc8b8515059aae1cf3cc7aff8576e1b8ce6cf096a8bb6ed13

SHA512
6c8cc141dd69a8d4ee6976780ecf55572d1ba6dc1793a94c1236ba4760c1f026b51f80c09db17dd385f652fe2b7e143cab4a1d5118f848950cea4e61d2d0c097

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\yc4yS82.exe

Filesize
620KB

MD5
868c00a50d9136e54a3a9946698a6384

SHA1
09b4c86ffde7c8696d9c280e1e3d6a51ceac4fa8

SHA256
9247764d9372fd8dc8b8515059aae1cf3cc7aff8576e1b8ce6cf096a8bb6ed13

SHA512
6c8cc141dd69a8d4ee6976780ecf55572d1ba6dc1793a94c1236ba4760c1f026b51f80c09db17dd385f652fe2b7e143cab4a1d5118f848950cea4e61d2d0c097

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qD5sK06.exe

Filesize
382KB

MD5
0de59ca05242a60ca6c3294cf38a0b0e

SHA1
a2aa050b06b5c67a7162e21d44fcf375a462578e

SHA256
93cd10e8046159ee48e425109da69d9e418e0d12a5fe4430ecb7260d30418a12

SHA512
195103f18350122041b3202efaeddc93ad6feb0e5cd2dbb3c2575d728c2bdaf4622c0fad8c0ce6ed9daddb8d6663e161b201b2d67ba4368f99e00258e5fe09a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qD5sK06.exe

Filesize
382KB

MD5
0de59ca05242a60ca6c3294cf38a0b0e

SHA1
a2aa050b06b5c67a7162e21d44fcf375a462578e

SHA256
93cd10e8046159ee48e425109da69d9e418e0d12a5fe4430ecb7260d30418a12

SHA512
195103f18350122041b3202efaeddc93ad6feb0e5cd2dbb3c2575d728c2bdaf4622c0fad8c0ce6ed9daddb8d6663e161b201b2d67ba4368f99e00258e5fe09a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe

Filesize
237KB

MD5
ecde6f5cb9842494042bf7a8b10248f5

SHA1
5e33fc31675287d84c6c108866464a524b438b80

SHA256
cf447f699b077efb840d270332921ad8bacf58b2b90ccf8b59d51a23d1b19c93

SHA512
5e2a94feb336a8ca04cff5757d02a2b4eb56743cfa0948aac26f86b86d08f6154f1f0cc09fb82a9e862b7f337d28b8ebd2935659fd798f649ad4d86b67b7898a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe

Filesize
237KB

MD5
ecde6f5cb9842494042bf7a8b10248f5

SHA1
5e33fc31675287d84c6c108866464a524b438b80

SHA256
cf447f699b077efb840d270332921ad8bacf58b2b90ccf8b59d51a23d1b19c93

SHA512
5e2a94feb336a8ca04cff5757d02a2b4eb56743cfa0948aac26f86b86d08f6154f1f0cc09fb82a9e862b7f337d28b8ebd2935659fd798f649ad4d86b67b7898a

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ES5jg70.exe

Filesize
908KB

MD5
5cb5b0d617b76e884749f7316407c35a

SHA1
f623c9c1b0a53bc8f45c9326f32cb7f71acb498e

SHA256
1a5b1906ebe1a438619e61bf1e9aec294d29e0b048aba4542bf516a3bcfd6d22

SHA512
edb9051d87c8cbfcf95dbfc0894e9492e1c4a3240d34629809cad957af24070938129ffda5263f72dfd01a68b0768efb95950b3cb11764422cc4a8748021ca08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ES5jg70.exe

Filesize
908KB

MD5
5cb5b0d617b76e884749f7316407c35a

SHA1
f623c9c1b0a53bc8f45c9326f32cb7f71acb498e

SHA256
1a5b1906ebe1a438619e61bf1e9aec294d29e0b048aba4542bf516a3bcfd6d22

SHA512
edb9051d87c8cbfcf95dbfc0894e9492e1c4a3240d34629809cad957af24070938129ffda5263f72dfd01a68b0768efb95950b3cb11764422cc4a8748021ca08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\yc4yS82.exe

Filesize
620KB

MD5
868c00a50d9136e54a3a9946698a6384

SHA1
09b4c86ffde7c8696d9c280e1e3d6a51ceac4fa8

SHA256
9247764d9372fd8dc8b8515059aae1cf3cc7aff8576e1b8ce6cf096a8bb6ed13

SHA512
6c8cc141dd69a8d4ee6976780ecf55572d1ba6dc1793a94c1236ba4760c1f026b51f80c09db17dd385f652fe2b7e143cab4a1d5118f848950cea4e61d2d0c097

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\yc4yS82.exe

Filesize
620KB

MD5
868c00a50d9136e54a3a9946698a6384

SHA1
09b4c86ffde7c8696d9c280e1e3d6a51ceac4fa8

SHA256
9247764d9372fd8dc8b8515059aae1cf3cc7aff8576e1b8ce6cf096a8bb6ed13

SHA512
6c8cc141dd69a8d4ee6976780ecf55572d1ba6dc1793a94c1236ba4760c1f026b51f80c09db17dd385f652fe2b7e143cab4a1d5118f848950cea4e61d2d0c097

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\qD5sK06.exe

Filesize
382KB

MD5
0de59ca05242a60ca6c3294cf38a0b0e

SHA1
a2aa050b06b5c67a7162e21d44fcf375a462578e

SHA256
93cd10e8046159ee48e425109da69d9e418e0d12a5fe4430ecb7260d30418a12

SHA512
195103f18350122041b3202efaeddc93ad6feb0e5cd2dbb3c2575d728c2bdaf4622c0fad8c0ce6ed9daddb8d6663e161b201b2d67ba4368f99e00258e5fe09a5

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\qD5sK06.exe

Filesize
382KB

MD5
0de59ca05242a60ca6c3294cf38a0b0e

SHA1
a2aa050b06b5c67a7162e21d44fcf375a462578e

SHA256
93cd10e8046159ee48e425109da69d9e418e0d12a5fe4430ecb7260d30418a12

SHA512
195103f18350122041b3202efaeddc93ad6feb0e5cd2dbb3c2575d728c2bdaf4622c0fad8c0ce6ed9daddb8d6663e161b201b2d67ba4368f99e00258e5fe09a5

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe

Filesize
237KB

MD5
ecde6f5cb9842494042bf7a8b10248f5

SHA1
5e33fc31675287d84c6c108866464a524b438b80

SHA256
cf447f699b077efb840d270332921ad8bacf58b2b90ccf8b59d51a23d1b19c93

SHA512
5e2a94feb336a8ca04cff5757d02a2b4eb56743cfa0948aac26f86b86d08f6154f1f0cc09fb82a9e862b7f337d28b8ebd2935659fd798f649ad4d86b67b7898a

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe

Filesize
237KB

MD5
ecde6f5cb9842494042bf7a8b10248f5

SHA1
5e33fc31675287d84c6c108866464a524b438b80

SHA256
cf447f699b077efb840d270332921ad8bacf58b2b90ccf8b59d51a23d1b19c93

SHA512
5e2a94feb336a8ca04cff5757d02a2b4eb56743cfa0948aac26f86b86d08f6154f1f0cc09fb82a9e862b7f337d28b8ebd2935659fd798f649ad4d86b67b7898a

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe

Filesize
237KB

MD5
ecde6f5cb9842494042bf7a8b10248f5

SHA1
5e33fc31675287d84c6c108866464a524b438b80

SHA256
cf447f699b077efb840d270332921ad8bacf58b2b90ccf8b59d51a23d1b19c93

SHA512
5e2a94feb336a8ca04cff5757d02a2b4eb56743cfa0948aac26f86b86d08f6154f1f0cc09fb82a9e862b7f337d28b8ebd2935659fd798f649ad4d86b67b7898a

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe

Filesize
237KB

MD5
ecde6f5cb9842494042bf7a8b10248f5

SHA1
5e33fc31675287d84c6c108866464a524b438b80

SHA256
cf447f699b077efb840d270332921ad8bacf58b2b90ccf8b59d51a23d1b19c93

SHA512
5e2a94feb336a8ca04cff5757d02a2b4eb56743cfa0948aac26f86b86d08f6154f1f0cc09fb82a9e862b7f337d28b8ebd2935659fd798f649ad4d86b67b7898a

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe

Filesize
237KB

MD5
ecde6f5cb9842494042bf7a8b10248f5

SHA1
5e33fc31675287d84c6c108866464a524b438b80

SHA256
cf447f699b077efb840d270332921ad8bacf58b2b90ccf8b59d51a23d1b19c93

SHA512
5e2a94feb336a8ca04cff5757d02a2b4eb56743cfa0948aac26f86b86d08f6154f1f0cc09fb82a9e862b7f337d28b8ebd2935659fd798f649ad4d86b67b7898a

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1gD65Bk1.exe

Filesize
237KB

MD5
ecde6f5cb9842494042bf7a8b10248f5

SHA1
5e33fc31675287d84c6c108866464a524b438b80

SHA256
cf447f699b077efb840d270332921ad8bacf58b2b90ccf8b59d51a23d1b19c93

SHA512
5e2a94feb336a8ca04cff5757d02a2b4eb56743cfa0948aac26f86b86d08f6154f1f0cc09fb82a9e862b7f337d28b8ebd2935659fd798f649ad4d86b67b7898a

Download Submit
memory/2816-40-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2816-44-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2816-47-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2816-49-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2816-45-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2816-43-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2816-42-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2816-41-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download