c62a42d1b9a25205c267477964669c0846a58e4f72c391f3c0c42c90e8f521e6

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.0MB
MD5

6ed49cb6d6bebf6a40690ba33490aae1
SHA1

b0293bf214df9bb8a977ce16c04321f842045235
SHA256

c62a42d1b9a25205c267477964669c0846a58e4f72c391f3c0c42c90e8f521e6
SHA512

0f1ad97d1b1ad325e15f7a2ce0426daae4ccb64fc4f6725346e2c11e1598a724f969167a340c70ab3414f3b3324debfae1286fa117a794886ddea91a2988796c
SSDEEP

24576:Wyi0Z26zdiGbrV17vaOiRIKak1AQtCy9K99/+f/+jTI:lXl/dvhqIjk69f95oWjT

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	AppLaunch.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	AppLaunch.exe

Executes dropped EXE 4 IoCs

pid	Process
2600	CB8SO99.exe
2720	PR1WJ78.exe
2632	nu2Wv46.exe
1720	1FE55Bm6.exe

Loads dropped DLL 12 IoCs

pid	Process
2188	file.exe
2600	CB8SO99.exe
2600	CB8SO99.exe
2720	PR1WJ78.exe
2720	PR1WJ78.exe
2632	nu2Wv46.exe
2632	nu2Wv46.exe
1720	1FE55Bm6.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	nu2Wv46.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	file.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	CB8SO99.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	PR1WJ78.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1720 set thread context of 2540	1720	1FE55Bm6.exe	32

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2680	1720	WerFault.exe	31

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2540	AppLaunch.exe
2540	AppLaunch.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2540	AppLaunch.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2600	2188	file.exe	28
PID 2188 wrote to memory of 2600	2188	file.exe	28
PID 2188 wrote to memory of 2600	2188	file.exe	28
PID 2188 wrote to memory of 2600	2188	file.exe	28
PID 2188 wrote to memory of 2600	2188	file.exe	28
PID 2188 wrote to memory of 2600	2188	file.exe	28
PID 2188 wrote to memory of 2600	2188	file.exe	28
PID 2600 wrote to memory of 2720	2600	CB8SO99.exe	29
PID 2600 wrote to memory of 2720	2600	CB8SO99.exe	29
PID 2600 wrote to memory of 2720	2600	CB8SO99.exe	29
PID 2600 wrote to memory of 2720	2600	CB8SO99.exe	29
PID 2600 wrote to memory of 2720	2600	CB8SO99.exe	29
PID 2600 wrote to memory of 2720	2600	CB8SO99.exe	29
PID 2600 wrote to memory of 2720	2600	CB8SO99.exe	29
PID 2720 wrote to memory of 2632	2720	PR1WJ78.exe	30
PID 2720 wrote to memory of 2632	2720	PR1WJ78.exe	30
PID 2720 wrote to memory of 2632	2720	PR1WJ78.exe	30
PID 2720 wrote to memory of 2632	2720	PR1WJ78.exe	30
PID 2720 wrote to memory of 2632	2720	PR1WJ78.exe	30
PID 2720 wrote to memory of 2632	2720	PR1WJ78.exe	30
PID 2720 wrote to memory of 2632	2720	PR1WJ78.exe	30
PID 2632 wrote to memory of 1720	2632	nu2Wv46.exe	31
PID 2632 wrote to memory of 1720	2632	nu2Wv46.exe	31
PID 2632 wrote to memory of 1720	2632	nu2Wv46.exe	31
PID 2632 wrote to memory of 1720	2632	nu2Wv46.exe	31
PID 2632 wrote to memory of 1720	2632	nu2Wv46.exe	31
PID 2632 wrote to memory of 1720	2632	nu2Wv46.exe	31
PID 2632 wrote to memory of 1720	2632	nu2Wv46.exe	31
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2540	1720	1FE55Bm6.exe	32
PID 1720 wrote to memory of 2680	1720	1FE55Bm6.exe	33
PID 1720 wrote to memory of 2680	1720	1FE55Bm6.exe	33
PID 1720 wrote to memory of 2680	1720	1FE55Bm6.exe	33
PID 1720 wrote to memory of 2680	1720	1FE55Bm6.exe	33
PID 1720 wrote to memory of 2680	1720	1FE55Bm6.exe	33
PID 1720 wrote to memory of 2680	1720	1FE55Bm6.exe	33
PID 1720 wrote to memory of 2680	1720	1FE55Bm6.exe	33

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CB8SO99.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CB8SO99.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PR1WJ78.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PR1WJ78.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\nu2Wv46.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\nu2Wv46.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:1720
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        Modifies Windows Defender Real-time Protection settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 272
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CB8SO99.exe

Filesize
918KB

MD5
1a61c244291ed7aaec46db6abcd65d2a

SHA1
e9787ef9ce2197734066eefa5e5a2f0805808003

SHA256
e38466bad8607721b470f2c55bb9a860f310776b2cc9fc02cc927ae2b252684f

SHA512
7295d0bdd0c0cec58a0058c5454dc47a52c7ed3c1c9f649fb27139d55ca50a38803406e40bb6db69e96fd2209b1d5ba3b8ce94e3384a7aa8dc69c792b459af01

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CB8SO99.exe

Filesize
918KB

MD5
1a61c244291ed7aaec46db6abcd65d2a

SHA1
e9787ef9ce2197734066eefa5e5a2f0805808003

SHA256
e38466bad8607721b470f2c55bb9a860f310776b2cc9fc02cc927ae2b252684f

SHA512
7295d0bdd0c0cec58a0058c5454dc47a52c7ed3c1c9f649fb27139d55ca50a38803406e40bb6db69e96fd2209b1d5ba3b8ce94e3384a7aa8dc69c792b459af01

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PR1WJ78.exe

Filesize
628KB

MD5
4387c01d2944c83bec8d2fca46367b5e

SHA1
038072f51b2d195b150d8feb106af1eabe87c901

SHA256
8a1ffc014d879d66ec38ad2e13cc9f5bf346303e972ddee6244340c5bd5a3831

SHA512
049086795ea57b4f4278e28b016784173651cd539b143b4021ca5b8f53d7208a5a2665641b9c913aecee1345a287dba5e0e7d0294a21ddc85702d55cbbe66d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\PR1WJ78.exe

Filesize
628KB

MD5
4387c01d2944c83bec8d2fca46367b5e

SHA1
038072f51b2d195b150d8feb106af1eabe87c901

SHA256
8a1ffc014d879d66ec38ad2e13cc9f5bf346303e972ddee6244340c5bd5a3831

SHA512
049086795ea57b4f4278e28b016784173651cd539b143b4021ca5b8f53d7208a5a2665641b9c913aecee1345a287dba5e0e7d0294a21ddc85702d55cbbe66d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\nu2Wv46.exe

Filesize
389KB

MD5
c064e3179d74c077337b58c92bffa3e2

SHA1
258a714c760403ed54388c28877d8407b46e4247

SHA256
cb573815ad4638928b45c2dbc7ff533e05a900b729bb66e36f324c8107d5eb2b

SHA512
e1e36a1f31d84e108749817db12973bf8bc48055c803bb5e08630c27ff78359d9f017221ae2076445f599d2f9101b74ff193ef061ecbfd532ba2bb171cf4eb2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\nu2Wv46.exe

Filesize
389KB

MD5
c064e3179d74c077337b58c92bffa3e2

SHA1
258a714c760403ed54388c28877d8407b46e4247

SHA256
cb573815ad4638928b45c2dbc7ff533e05a900b729bb66e36f324c8107d5eb2b

SHA512
e1e36a1f31d84e108749817db12973bf8bc48055c803bb5e08630c27ff78359d9f017221ae2076445f599d2f9101b74ff193ef061ecbfd532ba2bb171cf4eb2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe

Filesize
232KB

MD5
3ff825411b1fe07e712a5dcae34f80eb

SHA1
e3e4358cabfa74d6e36e26754b01ed78434a6877

SHA256
69bba958a5dcd8650921b25d978c4847819eb83adc143ba2bd396811d7d73739

SHA512
325c098b5a0a0ffee16a6074616126f9f4c7930b74507d38c63a294f659ab26fe1674af85a8ff495bd268aa821cc9d85f80f11ab1e7f828015920220e456ab81

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe

Filesize
232KB

MD5
3ff825411b1fe07e712a5dcae34f80eb

SHA1
e3e4358cabfa74d6e36e26754b01ed78434a6877

SHA256
69bba958a5dcd8650921b25d978c4847819eb83adc143ba2bd396811d7d73739

SHA512
325c098b5a0a0ffee16a6074616126f9f4c7930b74507d38c63a294f659ab26fe1674af85a8ff495bd268aa821cc9d85f80f11ab1e7f828015920220e456ab81

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\CB8SO99.exe

Filesize
918KB

MD5
1a61c244291ed7aaec46db6abcd65d2a

SHA1
e9787ef9ce2197734066eefa5e5a2f0805808003

SHA256
e38466bad8607721b470f2c55bb9a860f310776b2cc9fc02cc927ae2b252684f

SHA512
7295d0bdd0c0cec58a0058c5454dc47a52c7ed3c1c9f649fb27139d55ca50a38803406e40bb6db69e96fd2209b1d5ba3b8ce94e3384a7aa8dc69c792b459af01

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\CB8SO99.exe

Filesize
918KB

MD5
1a61c244291ed7aaec46db6abcd65d2a

SHA1
e9787ef9ce2197734066eefa5e5a2f0805808003

SHA256
e38466bad8607721b470f2c55bb9a860f310776b2cc9fc02cc927ae2b252684f

SHA512
7295d0bdd0c0cec58a0058c5454dc47a52c7ed3c1c9f649fb27139d55ca50a38803406e40bb6db69e96fd2209b1d5ba3b8ce94e3384a7aa8dc69c792b459af01

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\PR1WJ78.exe

Filesize
628KB

MD5
4387c01d2944c83bec8d2fca46367b5e

SHA1
038072f51b2d195b150d8feb106af1eabe87c901

SHA256
8a1ffc014d879d66ec38ad2e13cc9f5bf346303e972ddee6244340c5bd5a3831

SHA512
049086795ea57b4f4278e28b016784173651cd539b143b4021ca5b8f53d7208a5a2665641b9c913aecee1345a287dba5e0e7d0294a21ddc85702d55cbbe66d64

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\PR1WJ78.exe

Filesize
628KB

MD5
4387c01d2944c83bec8d2fca46367b5e

SHA1
038072f51b2d195b150d8feb106af1eabe87c901

SHA256
8a1ffc014d879d66ec38ad2e13cc9f5bf346303e972ddee6244340c5bd5a3831

SHA512
049086795ea57b4f4278e28b016784173651cd539b143b4021ca5b8f53d7208a5a2665641b9c913aecee1345a287dba5e0e7d0294a21ddc85702d55cbbe66d64

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\nu2Wv46.exe

Filesize
389KB

MD5
c064e3179d74c077337b58c92bffa3e2

SHA1
258a714c760403ed54388c28877d8407b46e4247

SHA256
cb573815ad4638928b45c2dbc7ff533e05a900b729bb66e36f324c8107d5eb2b

SHA512
e1e36a1f31d84e108749817db12973bf8bc48055c803bb5e08630c27ff78359d9f017221ae2076445f599d2f9101b74ff193ef061ecbfd532ba2bb171cf4eb2a

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\nu2Wv46.exe

Filesize
389KB

MD5
c064e3179d74c077337b58c92bffa3e2

SHA1
258a714c760403ed54388c28877d8407b46e4247

SHA256
cb573815ad4638928b45c2dbc7ff533e05a900b729bb66e36f324c8107d5eb2b

SHA512
e1e36a1f31d84e108749817db12973bf8bc48055c803bb5e08630c27ff78359d9f017221ae2076445f599d2f9101b74ff193ef061ecbfd532ba2bb171cf4eb2a

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe

Filesize
232KB

MD5
3ff825411b1fe07e712a5dcae34f80eb

SHA1
e3e4358cabfa74d6e36e26754b01ed78434a6877

SHA256
69bba958a5dcd8650921b25d978c4847819eb83adc143ba2bd396811d7d73739

SHA512
325c098b5a0a0ffee16a6074616126f9f4c7930b74507d38c63a294f659ab26fe1674af85a8ff495bd268aa821cc9d85f80f11ab1e7f828015920220e456ab81

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe

Filesize
232KB

MD5
3ff825411b1fe07e712a5dcae34f80eb

SHA1
e3e4358cabfa74d6e36e26754b01ed78434a6877

SHA256
69bba958a5dcd8650921b25d978c4847819eb83adc143ba2bd396811d7d73739

SHA512
325c098b5a0a0ffee16a6074616126f9f4c7930b74507d38c63a294f659ab26fe1674af85a8ff495bd268aa821cc9d85f80f11ab1e7f828015920220e456ab81

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe

Filesize
232KB

MD5
3ff825411b1fe07e712a5dcae34f80eb

SHA1
e3e4358cabfa74d6e36e26754b01ed78434a6877

SHA256
69bba958a5dcd8650921b25d978c4847819eb83adc143ba2bd396811d7d73739

SHA512
325c098b5a0a0ffee16a6074616126f9f4c7930b74507d38c63a294f659ab26fe1674af85a8ff495bd268aa821cc9d85f80f11ab1e7f828015920220e456ab81

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe

Filesize
232KB

MD5
3ff825411b1fe07e712a5dcae34f80eb

SHA1
e3e4358cabfa74d6e36e26754b01ed78434a6877

SHA256
69bba958a5dcd8650921b25d978c4847819eb83adc143ba2bd396811d7d73739

SHA512
325c098b5a0a0ffee16a6074616126f9f4c7930b74507d38c63a294f659ab26fe1674af85a8ff495bd268aa821cc9d85f80f11ab1e7f828015920220e456ab81

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe

Filesize
232KB

MD5
3ff825411b1fe07e712a5dcae34f80eb

SHA1
e3e4358cabfa74d6e36e26754b01ed78434a6877

SHA256
69bba958a5dcd8650921b25d978c4847819eb83adc143ba2bd396811d7d73739

SHA512
325c098b5a0a0ffee16a6074616126f9f4c7930b74507d38c63a294f659ab26fe1674af85a8ff495bd268aa821cc9d85f80f11ab1e7f828015920220e456ab81

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\1FE55Bm6.exe

Filesize
232KB

MD5
3ff825411b1fe07e712a5dcae34f80eb

SHA1
e3e4358cabfa74d6e36e26754b01ed78434a6877

SHA256
69bba958a5dcd8650921b25d978c4847819eb83adc143ba2bd396811d7d73739

SHA512
325c098b5a0a0ffee16a6074616126f9f4c7930b74507d38c63a294f659ab26fe1674af85a8ff495bd268aa821cc9d85f80f11ab1e7f828015920220e456ab81

Download Submit
memory/2540-40-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2540-41-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2540-42-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2540-43-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2540-44-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2540-45-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2540-47-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2540-49-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download