Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2023 07:09

General

  • Target

    8907586135286b9ddf05104c7c998ff8aa9abcf54a1dd9c55a65b0282661aa44.exe

  • Size

    1.1MB

  • MD5

    9f5d7cd7b2e53e74c5ff4ef6171c3137

  • SHA1

    dca750b0134526ea5b926d911f12f8f105fdd787

  • SHA256

    8907586135286b9ddf05104c7c998ff8aa9abcf54a1dd9c55a65b0282661aa44

  • SHA512

    8674af2b86e2da4afdc2c3357fb99047d41814517dc0555a31366a090d5ddfec8e54ca0fe00c377495df2628e4e76febd631580de3e10d583744ff7c4d9bf36c

  • SSDEEP

    24576:sy0bUtNygX5EqYObuQfiQCsDP6pDbDMme1hvSuSsc3B81y8DOd5:b0bCiDObuMeth6hvC3Ko8g

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 4 IoCs
  • Healer

    Healer an antivirus disabler dropper.

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 16 IoCs
  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 5 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8907586135286b9ddf05104c7c998ff8aa9abcf54a1dd9c55a65b0282661aa44.exe
    "C:\Users\Admin\AppData\Local\Temp\8907586135286b9ddf05104c7c998ff8aa9abcf54a1dd9c55a65b0282661aa44.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z4129699.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z4129699.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\z3625190.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\z3625190.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:2304
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\z3542495.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\z3542495.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • Suspicious use of WriteProcessMemory
          PID:2736
          • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\z4907391.exe
            C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\z4907391.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • Suspicious use of WriteProcessMemory
            PID:2512
            • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\q8843010.exe
              C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\q8843010.exe
              6⤵
              • Modifies Windows Defender Real-time Protection settings
              • Executes dropped EXE
              • Windows security modification
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:2300
            • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe
              C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetThreadContext
              • Suspicious use of WriteProcessMemory
              PID:2676
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                7⤵
                • Suspicious use of WriteProcessMemory
                PID:2568
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 268
                  8⤵
                  • Program crash
                  PID:2680
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 268
                7⤵
                • Loads dropped DLL
                • Program crash
                PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z4129699.exe

    Filesize

    1.0MB

    MD5

    a91258b0fac584b95ea1987d2cc6eba1

    SHA1

    317ec5d2da30ffdc215efd67cd8d48ae484fb2e8

    SHA256

    50ef9e74ae151d59eff6f5dc94c75b7d186955cd2af3c52ec0ed04323d29818e

    SHA512

    2c5d77d9e89377e789170d62230ee511a2f5c31a669ec5612bf3544ea88f3031924ad154c5a950a73ccee3f72ced25736e624960cbd7f35355fa49446ba41f60

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z4129699.exe

    Filesize

    1.0MB

    MD5

    a91258b0fac584b95ea1987d2cc6eba1

    SHA1

    317ec5d2da30ffdc215efd67cd8d48ae484fb2e8

    SHA256

    50ef9e74ae151d59eff6f5dc94c75b7d186955cd2af3c52ec0ed04323d29818e

    SHA512

    2c5d77d9e89377e789170d62230ee511a2f5c31a669ec5612bf3544ea88f3031924ad154c5a950a73ccee3f72ced25736e624960cbd7f35355fa49446ba41f60

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\z3625190.exe

    Filesize

    873KB

    MD5

    5790ed0a8f8c6b5b8caa7be8ecf64d7e

    SHA1

    7c08f9e613b45e4f26f87e30e31858e5aa0077d4

    SHA256

    abdf7930fe15bfe9e325a742fa6cac5f36b19a6fcacdf825dbcbb4c2bcdc05ff

    SHA512

    b3e19f4b88279152eafeedd2cd53dc3ed52be81bf5b74c60df57583f4246b1d3e17868e6f041ae9da94e538469860cc30a715759b890ceab4a7a423cce31aa55

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\z3625190.exe

    Filesize

    873KB

    MD5

    5790ed0a8f8c6b5b8caa7be8ecf64d7e

    SHA1

    7c08f9e613b45e4f26f87e30e31858e5aa0077d4

    SHA256

    abdf7930fe15bfe9e325a742fa6cac5f36b19a6fcacdf825dbcbb4c2bcdc05ff

    SHA512

    b3e19f4b88279152eafeedd2cd53dc3ed52be81bf5b74c60df57583f4246b1d3e17868e6f041ae9da94e538469860cc30a715759b890ceab4a7a423cce31aa55

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\z3542495.exe

    Filesize

    690KB

    MD5

    96dc03ce8563dd20d02fddea6a15e8ec

    SHA1

    c6091b87ea1d3590c0dd5945aae19257bd89bcdb

    SHA256

    2e53fdfe6e24f4c303c671ac7b13827eec85ec1e82a68e0d94d2c6a293df3ed5

    SHA512

    bcaca9d6bce71bf9c95fccb197a0f0a361234dcaeb2ef235ab78572fd8890f45d2b0071241281b84f20b7b01ee2fe2b47ffadd249c2384bf2dd4b8a23ef7f41e

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\z3542495.exe

    Filesize

    690KB

    MD5

    96dc03ce8563dd20d02fddea6a15e8ec

    SHA1

    c6091b87ea1d3590c0dd5945aae19257bd89bcdb

    SHA256

    2e53fdfe6e24f4c303c671ac7b13827eec85ec1e82a68e0d94d2c6a293df3ed5

    SHA512

    bcaca9d6bce71bf9c95fccb197a0f0a361234dcaeb2ef235ab78572fd8890f45d2b0071241281b84f20b7b01ee2fe2b47ffadd249c2384bf2dd4b8a23ef7f41e

  • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\z4907391.exe

    Filesize

    387KB

    MD5

    a40e1c86d02c783e00cd76df11f412ae

    SHA1

    4fc1b03d1cb91d64108921a52ddf3a219ccb6db4

    SHA256

    3b8dba6029a7a2199f1becbeee1da1904253a06f1e4fa69a56d176c176967c97

    SHA512

    f09752d087a43eab831224ecba98c9c628dfda8410e6ab2fb460c402a79e25ae9fac900e007fefaaf8a795e3e279f9454f6481212f7206aa408a21c742543177

  • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\z4907391.exe

    Filesize

    387KB

    MD5

    a40e1c86d02c783e00cd76df11f412ae

    SHA1

    4fc1b03d1cb91d64108921a52ddf3a219ccb6db4

    SHA256

    3b8dba6029a7a2199f1becbeee1da1904253a06f1e4fa69a56d176c176967c97

    SHA512

    f09752d087a43eab831224ecba98c9c628dfda8410e6ab2fb460c402a79e25ae9fac900e007fefaaf8a795e3e279f9454f6481212f7206aa408a21c742543177

  • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\q8843010.exe

    Filesize

    11KB

    MD5

    8f8f1bad079214f54199bd92294fa519

    SHA1

    1100e43044112e88e5ec46721604d0cf028652ea

    SHA256

    2c8dc50069881452f6cdcdf28e84afb9b01117a80e5df9c5b0b8f4b20496939b

    SHA512

    5a1e9fcd9fa91ca5a6f2aad80453ee6b5021f784d560a8673b49902c24e8a7e875f445dcf2bba9d1beac8fd5ddf63e378547ab504519b4401717214541bc4a69

  • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\q8843010.exe

    Filesize

    11KB

    MD5

    8f8f1bad079214f54199bd92294fa519

    SHA1

    1100e43044112e88e5ec46721604d0cf028652ea

    SHA256

    2c8dc50069881452f6cdcdf28e84afb9b01117a80e5df9c5b0b8f4b20496939b

    SHA512

    5a1e9fcd9fa91ca5a6f2aad80453ee6b5021f784d560a8673b49902c24e8a7e875f445dcf2bba9d1beac8fd5ddf63e378547ab504519b4401717214541bc4a69

  • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\z4129699.exe

    Filesize

    1.0MB

    MD5

    a91258b0fac584b95ea1987d2cc6eba1

    SHA1

    317ec5d2da30ffdc215efd67cd8d48ae484fb2e8

    SHA256

    50ef9e74ae151d59eff6f5dc94c75b7d186955cd2af3c52ec0ed04323d29818e

    SHA512

    2c5d77d9e89377e789170d62230ee511a2f5c31a669ec5612bf3544ea88f3031924ad154c5a950a73ccee3f72ced25736e624960cbd7f35355fa49446ba41f60

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\z4129699.exe

    Filesize

    1.0MB

    MD5

    a91258b0fac584b95ea1987d2cc6eba1

    SHA1

    317ec5d2da30ffdc215efd67cd8d48ae484fb2e8

    SHA256

    50ef9e74ae151d59eff6f5dc94c75b7d186955cd2af3c52ec0ed04323d29818e

    SHA512

    2c5d77d9e89377e789170d62230ee511a2f5c31a669ec5612bf3544ea88f3031924ad154c5a950a73ccee3f72ced25736e624960cbd7f35355fa49446ba41f60

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\z3625190.exe

    Filesize

    873KB

    MD5

    5790ed0a8f8c6b5b8caa7be8ecf64d7e

    SHA1

    7c08f9e613b45e4f26f87e30e31858e5aa0077d4

    SHA256

    abdf7930fe15bfe9e325a742fa6cac5f36b19a6fcacdf825dbcbb4c2bcdc05ff

    SHA512

    b3e19f4b88279152eafeedd2cd53dc3ed52be81bf5b74c60df57583f4246b1d3e17868e6f041ae9da94e538469860cc30a715759b890ceab4a7a423cce31aa55

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\z3625190.exe

    Filesize

    873KB

    MD5

    5790ed0a8f8c6b5b8caa7be8ecf64d7e

    SHA1

    7c08f9e613b45e4f26f87e30e31858e5aa0077d4

    SHA256

    abdf7930fe15bfe9e325a742fa6cac5f36b19a6fcacdf825dbcbb4c2bcdc05ff

    SHA512

    b3e19f4b88279152eafeedd2cd53dc3ed52be81bf5b74c60df57583f4246b1d3e17868e6f041ae9da94e538469860cc30a715759b890ceab4a7a423cce31aa55

  • \Users\Admin\AppData\Local\Temp\IXP002.TMP\z3542495.exe

    Filesize

    690KB

    MD5

    96dc03ce8563dd20d02fddea6a15e8ec

    SHA1

    c6091b87ea1d3590c0dd5945aae19257bd89bcdb

    SHA256

    2e53fdfe6e24f4c303c671ac7b13827eec85ec1e82a68e0d94d2c6a293df3ed5

    SHA512

    bcaca9d6bce71bf9c95fccb197a0f0a361234dcaeb2ef235ab78572fd8890f45d2b0071241281b84f20b7b01ee2fe2b47ffadd249c2384bf2dd4b8a23ef7f41e

  • \Users\Admin\AppData\Local\Temp\IXP002.TMP\z3542495.exe

    Filesize

    690KB

    MD5

    96dc03ce8563dd20d02fddea6a15e8ec

    SHA1

    c6091b87ea1d3590c0dd5945aae19257bd89bcdb

    SHA256

    2e53fdfe6e24f4c303c671ac7b13827eec85ec1e82a68e0d94d2c6a293df3ed5

    SHA512

    bcaca9d6bce71bf9c95fccb197a0f0a361234dcaeb2ef235ab78572fd8890f45d2b0071241281b84f20b7b01ee2fe2b47ffadd249c2384bf2dd4b8a23ef7f41e

  • \Users\Admin\AppData\Local\Temp\IXP003.TMP\z4907391.exe

    Filesize

    387KB

    MD5

    a40e1c86d02c783e00cd76df11f412ae

    SHA1

    4fc1b03d1cb91d64108921a52ddf3a219ccb6db4

    SHA256

    3b8dba6029a7a2199f1becbeee1da1904253a06f1e4fa69a56d176c176967c97

    SHA512

    f09752d087a43eab831224ecba98c9c628dfda8410e6ab2fb460c402a79e25ae9fac900e007fefaaf8a795e3e279f9454f6481212f7206aa408a21c742543177

  • \Users\Admin\AppData\Local\Temp\IXP003.TMP\z4907391.exe

    Filesize

    387KB

    MD5

    a40e1c86d02c783e00cd76df11f412ae

    SHA1

    4fc1b03d1cb91d64108921a52ddf3a219ccb6db4

    SHA256

    3b8dba6029a7a2199f1becbeee1da1904253a06f1e4fa69a56d176c176967c97

    SHA512

    f09752d087a43eab831224ecba98c9c628dfda8410e6ab2fb460c402a79e25ae9fac900e007fefaaf8a795e3e279f9454f6481212f7206aa408a21c742543177

  • \Users\Admin\AppData\Local\Temp\IXP004.TMP\q8843010.exe

    Filesize

    11KB

    MD5

    8f8f1bad079214f54199bd92294fa519

    SHA1

    1100e43044112e88e5ec46721604d0cf028652ea

    SHA256

    2c8dc50069881452f6cdcdf28e84afb9b01117a80e5df9c5b0b8f4b20496939b

    SHA512

    5a1e9fcd9fa91ca5a6f2aad80453ee6b5021f784d560a8673b49902c24e8a7e875f445dcf2bba9d1beac8fd5ddf63e378547ab504519b4401717214541bc4a69

  • \Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • \Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • \Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • \Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • \Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • \Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • \Users\Admin\AppData\Local\Temp\IXP004.TMP\r6775827.exe

    Filesize

    700KB

    MD5

    7934cc7d12e8f21b1a57ccb8ca5cf734

    SHA1

    ca7867550fc646b3f5a337226cc91ddfb59ee18b

    SHA256

    94586746a3829dd649b570b808b5ddbc85ff40fcd5c9744e320c017dcb1acb94

    SHA512

    a1f7605e5ccc9223c8f4dad7966001241460b8e47b4995950bb2eed8f6cb7de96ed335f12f97e62c9319da1713fe061040087b4a5ae9300bd4d704da3ef50d59

  • memory/2300-49-0x000007FEF5180000-0x000007FEF5B6C000-memory.dmp

    Filesize

    9.9MB

  • memory/2300-51-0x000007FEF5180000-0x000007FEF5B6C000-memory.dmp

    Filesize

    9.9MB

  • memory/2300-48-0x0000000000DA0000-0x0000000000DAA000-memory.dmp

    Filesize

    40KB

  • memory/2300-50-0x000007FEF5180000-0x000007FEF5B6C000-memory.dmp

    Filesize

    9.9MB

  • memory/2568-61-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2568-68-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2568-63-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2568-65-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2568-70-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2568-72-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2568-62-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2568-64-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2568-67-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

  • memory/2568-66-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB