Overview

overview

10

Static

static

3

y.exe

windows7-x64

10

y.exe

windows10-1703-x64

10

y.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    158s
  • max time network
    161s
  • platform
    windows10-1703_x64
  • resource
    win10-20231023-en
  • resource tags

    arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01-11-2023 03:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    y.exe

  • Size

    516KB

  • MD5

    672c56bcaeedb4f630cda204ed5ef32d

  • SHA1

    df8868926293efb2e13339a020a0eefee128d9d7

  • SHA256

    448a9d8451178d090723b249ba1b3514539b14bfb14a7b2141dd492f296d1f53

  • SHA512

    38f69f8199a664edb278aeb63d33a50d19fa843e1331ba3870f3038cd2620cd41979c02287dfe154031c1d5ea32be70d9f775ae2e2f8c4f8e7fbef36154b21a4

  • SSDEEP

    6144:J0aJ41z7pmJyseEgKgPObyIozhRjcerTn:J0aqz79QmI4T

Score
10/10
gh0stratpurplefoxratrootkittrojan

Malware Config

Signatures

  • Detect PurpleFox Rootkit 7 IoCs

    Detect PurpleFox Rootkit.

    rootkit
  • Gh0st RAT payload 7 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • PurpleFox

    PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    rootkittrojanpurplefox
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 32 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\y.exe
    "C:\Users\Admin\AppData\Local\Temp\y.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe C:\Users\Public\Music\g70UKD
      2⤵
        PID:4104
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3492
      • C:\Users\Admin\AppData\Roaming\EDUDT\QGqg.exe
        "C:\Users\Admin\AppData\Roaming\EDUDT\QGqg.exe" -n C:\Users\Admin\AppData\Roaming\EDUDT\NJ0.zip -d C:\Users\Admin\AppData\Roaming
        2⤵
        • Drops startup file
        • Executes dropped EXE
        PID:4532
      • C:\ProgramData\J2J2M2\D9T9T9y.exe
        "C:\ProgramData\J2J2M2\D9T9T9y.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3004
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3764

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\J2J2M2\D9T9T9y.exe
        Filesize

        2.2MB

        MD5

        afd1c09b13ac9d85781c6e4fe07457c7

        SHA1

        bb559602478c9b2e96da8eaa77f0536577aca1df

        SHA256

        9a50ab40120b76695c78d45c64a97f7179033a2a05f5a2e97db36c2a81021806

        SHA512

        1f48829faef6f22836e8946fb610c73b4134f0efa6c5ce0ece6c19606506c6d7fc4db4852b06b38183b1ad58c7775ffba5f0c69f93ce57532d29bff1d88226c4

        Download Submit

      • C:\ProgramData\J2J2M2\D9T9T9y.exe
        Filesize

        2.2MB

        MD5

        afd1c09b13ac9d85781c6e4fe07457c7

        SHA1

        bb559602478c9b2e96da8eaa77f0536577aca1df

        SHA256

        9a50ab40120b76695c78d45c64a97f7179033a2a05f5a2e97db36c2a81021806

        SHA512

        1f48829faef6f22836e8946fb610c73b4134f0efa6c5ce0ece6c19606506c6d7fc4db4852b06b38183b1ad58c7775ffba5f0c69f93ce57532d29bff1d88226c4

        Download Submit

      • C:\ProgramData\J2J2M2\D9T9T9y.exe
        Filesize

        2.2MB

        MD5

        afd1c09b13ac9d85781c6e4fe07457c7

        SHA1

        bb559602478c9b2e96da8eaa77f0536577aca1df

        SHA256

        9a50ab40120b76695c78d45c64a97f7179033a2a05f5a2e97db36c2a81021806

        SHA512

        1f48829faef6f22836e8946fb610c73b4134f0efa6c5ce0ece6c19606506c6d7fc4db4852b06b38183b1ad58c7775ffba5f0c69f93ce57532d29bff1d88226c4

        Download Submit

      • C:\ProgramData\J2J2M2\info.txt
        Filesize

        119KB

        MD5

        e47ce3af60628f795b86b3c3aff8b88f

        SHA1

        88051cfdd8fbd780888aba557a35cba97635694e

        SHA256

        40e00f085b691bbf8adbef2adb0ec55d5c6dee808605be4e4fd8ccad65f59c4b

        SHA512

        7ba0870dd4817e24f13a513a3ebd1196b0994f4a54574ac44b8791c52c9cd98260c96ab8368d04889472f4cb0bf08e2affe81f9593f80af43f57762d5f4cf1db

        Download Submit

      • C:\ProgramData\J2J2M2\qqffoBase.dll
        Filesize

        484KB

        MD5

        9f06ceef05be654f331d8771c74b25f0

        SHA1

        656829c09c9b3341afc371932e53271e76f09c23

        SHA256

        6417309e97acc09cbd18f919cd7b767584649ad2867abf613a47cf502da81507

        SHA512

        ca68a814ca42f8d7ffe35e78bbaa40d3d3d49cbc3c46832719d2b4d6566d8eee031f568fbdbc0d872fd5b84bea4f21ba4633baff3513b919789790b3516af5b3

        Download Submit

      • C:\ProgramData\SHELL.TXT
        Filesize

        1.2MB

        MD5

        a70e878d33aedb2062dd6dd99e340ff3

        SHA1

        a46b786c73f1751c998f00a4c41c0ea75f5e88e5

        SHA256

        a822a24f5987587a129a46e15dd905b2d09e605116689197e9222ea811a4e962

        SHA512

        78e196bd3dcbbcc43eedfb3c2cc2532537090c8b755eeeeafeb2a555f8035c14feedcddcfe991ad4c01f99889ca3dcd7e43652a1bf9a36e93400bedd363e6530

        Download Submit

      • C:\ProgramData\SHELL.ini
        Filesize

        92B

        MD5

        1213b2902b1c8b54868828c5a532811c

        SHA1

        ffe38a207b31fac5797c86e43ca3ed5667e96d0e

        SHA256

        67c9bbef4f0e63c67f09b7519f3178a820a0fcfdda5b84998dd8078c3fbd9d08

        SHA512

        3ffa49c5f45c0f2baedc5cd9c326b289b6dd608aea036235040e2f35479d62dfab6a7ecc7d66e1deac67834babee4b7272e7b7e7a0a9a4dff35fb76804c9f193

        Download Submit

      • C:\ProgramData\SHELL.ini
        Filesize

        102B

        MD5

        2e3c18cf89e3995c1caad22622a8633a

        SHA1

        1f5b89c2368f2e3974fe951fa087a3a2cd36146d

        SHA256

        0f371f46af350a287c34e785aec5b3d0a52d97e0aeabf548e612b6c3f51f5e79

        SHA512

        e349cd0e0908c7f6ca61402aebe674a34342add6dfd4a7ca03d708746d0d2039bb08aec03f3029a2180cf03ab8cdacfc3ea9bbe42dcfa6f0a70ae12a92b0575c

        Download Submit

      • C:\Users\Admin\AppData\Roaming\EDUDT\Embarcaderophi.lnk
        Filesize

        797B

        MD5

        461dca61867c11fe76dd1c59abf5cff0

        SHA1

        4b769c63d09453a3768f59cdec5d2d86746f3f32

        SHA256

        ce56a4c6a856178906d61dc52b41731cab31b95d2543e4e6648977791e9e534b

        SHA512

        7405f5691b1722d532aa8df97b0ab874a19e50730186b3b96ebb99f9df200432e93d17ab8bac2fe06c26854e90243a189c36c5b61de0217ae4b56bd93bcb744e

        Download Submit

      • C:\Users\Admin\AppData\Roaming\EDUDT\NJ0.zip
        Filesize

        1KB

        MD5

        e6f4fa5abf4182d04ecefe530f924c24

        SHA1

        82e34511943cbf2c709b1039c7132372e409faa1

        SHA256

        961127352c35ed055056721ddfd16373190e36495afcbe5fd7a00310413705f0

        SHA512

        a6b4563abdcff9d830e7147f224cbd128f3d1b45cc93e7e48586c9d978f64f076e9fb9d6f2ba35fe63847738f260534cfac866ce43e461aa9cbee16ee2303d8e

        Download Submit

      • C:\Users\Admin\AppData\Roaming\EDUDT\QGqg.exe
        Filesize

        152KB

        MD5

        6ffd7c733dde81f2b6b8782e690b044d

        SHA1

        19163bb2a519b23757061333da30c734cee7e32e

        SHA256

        cafde9e7d48e330f8edb552e2c026d11a318b8c9ee49bbd1a3dc9af1436e2fbc

        SHA512

        d9a42c9b1953a607f5c65e93bcd9d263ce5bf37f5bad57517848d0e6d7ea601f3378c48b143920fde8cab8626d5abfd97c2500f21bb981441aa0ab555dd1fda3

        Download Submit

      • C:\Users\Admin\AppData\Roaming\EDUDT\QGqg.exe
        Filesize

        152KB

        MD5

        6ffd7c733dde81f2b6b8782e690b044d

        SHA1

        19163bb2a519b23757061333da30c734cee7e32e

        SHA256

        cafde9e7d48e330f8edb552e2c026d11a318b8c9ee49bbd1a3dc9af1436e2fbc

        SHA512

        d9a42c9b1953a607f5c65e93bcd9d263ce5bf37f5bad57517848d0e6d7ea601f3378c48b143920fde8cab8626d5abfd97c2500f21bb981441aa0ab555dd1fda3

        Download Submit

      • C:\Users\Admin\AppData\Roaming\EDUDT\QGqg.exe
        Filesize

        152KB

        MD5

        6ffd7c733dde81f2b6b8782e690b044d

        SHA1

        19163bb2a519b23757061333da30c734cee7e32e

        SHA256

        cafde9e7d48e330f8edb552e2c026d11a318b8c9ee49bbd1a3dc9af1436e2fbc

        SHA512

        d9a42c9b1953a607f5c65e93bcd9d263ce5bf37f5bad57517848d0e6d7ea601f3378c48b143920fde8cab8626d5abfd97c2500f21bb981441aa0ab555dd1fda3

        Download Submit

      • C:\Users\Public\2I2L1L
        Filesize

        2.8MB

        MD5

        a4545f9052e0f25d388fd08d1f8dc918

        SHA1

        14427a5dee047507d72cd4654ccc60db88fc4aae

        SHA256

        37e849c75b1904a47549335a3b72d458c9e28617f18502bdd4860365442f5f86

        SHA512

        102f3ff5784c9b0e65ba708962da79e04a77007d16e00fc67d3496b56c83fca83af65a70cba8bba84e4953659b133e51d484f9b0255205cdb080070c665599a8

        Download Submit

      • C:\Users\Public\Music\g70UKD\8OIo5Y.lnk
        Filesize

        1006B

        MD5

        a6d9ba4204d51d859c77d3da736faa25

        SHA1

        65a9d5e13e2be87cf233a64343b84960b8046e9b

        SHA256

        f3fd48fff322b6fea7b57088ccbc9364364e8ede02e1dd205aae21505c7c7cf5

        SHA512

        927801a0fae8c84d049b6dca760b1a0d6bb86d386772e019c119148a8a0ec3fdff62c4d02c97f6aebcbe9e1290e8791b5fe195c5618007b6ffe76d8adf24505a

        Download Submit

      • C:\Users\Public\Music\g70UKD\9QGztj.url
        Filesize

        67B

        MD5

        3f10ebc9f956b4b70a757f7f1b0de5b5

        SHA1

        ce68ca9c8d371b4ba7d8ff9d19c2ff401cc3fae1

        SHA256

        6d8fa24d08a3c6df0b3044e1f12b0684a0968374f9e9964e44b2c294f19ce45d

        SHA512

        04ed07cd824d48670f7d4b511dbb69943f95af52609e42eeb706baadacdfde6069c8bae23e30de7b1320c8b300234d55d16345161ccaa92fa2378fbd650a2597

        Download Submit

      • C:\Users\Public\Music\g70UKD\Exnh71.url
        Filesize

        67B

        MD5

        3f10ebc9f956b4b70a757f7f1b0de5b5

        SHA1

        ce68ca9c8d371b4ba7d8ff9d19c2ff401cc3fae1

        SHA256

        6d8fa24d08a3c6df0b3044e1f12b0684a0968374f9e9964e44b2c294f19ce45d

        SHA512

        04ed07cd824d48670f7d4b511dbb69943f95af52609e42eeb706baadacdfde6069c8bae23e30de7b1320c8b300234d55d16345161ccaa92fa2378fbd650a2597

        Download Submit

      • C:\Users\Public\Music\g70UKD\Gnga0T.lnk
        Filesize

        1006B

        MD5

        a6d9ba4204d51d859c77d3da736faa25

        SHA1

        65a9d5e13e2be87cf233a64343b84960b8046e9b

        SHA256

        f3fd48fff322b6fea7b57088ccbc9364364e8ede02e1dd205aae21505c7c7cf5

        SHA512

        927801a0fae8c84d049b6dca760b1a0d6bb86d386772e019c119148a8a0ec3fdff62c4d02c97f6aebcbe9e1290e8791b5fe195c5618007b6ffe76d8adf24505a

        Download Submit

      • C:\Users\Public\Music\g70UKD\HArke4.url
        Filesize

        67B

        MD5

        3f10ebc9f956b4b70a757f7f1b0de5b5

        SHA1

        ce68ca9c8d371b4ba7d8ff9d19c2ff401cc3fae1

        SHA256

        6d8fa24d08a3c6df0b3044e1f12b0684a0968374f9e9964e44b2c294f19ce45d

        SHA512

        04ed07cd824d48670f7d4b511dbb69943f95af52609e42eeb706baadacdfde6069c8bae23e30de7b1320c8b300234d55d16345161ccaa92fa2378fbd650a2597

        Download Submit

      • C:\Users\Public\Music\g70UKD\KDxnha.url
        Filesize

        67B

        MD5

        3f10ebc9f956b4b70a757f7f1b0de5b5

        SHA1

        ce68ca9c8d371b4ba7d8ff9d19c2ff401cc3fae1

        SHA256

        6d8fa24d08a3c6df0b3044e1f12b0684a0968374f9e9964e44b2c294f19ce45d

        SHA512

        04ed07cd824d48670f7d4b511dbb69943f95af52609e42eeb706baadacdfde6069c8bae23e30de7b1320c8b300234d55d16345161ccaa92fa2378fbd650a2597

        Download Submit

      • C:\Users\Public\Music\g70UKD\KDxnha.url
        Filesize

        67B

        MD5

        3f10ebc9f956b4b70a757f7f1b0de5b5

        SHA1

        ce68ca9c8d371b4ba7d8ff9d19c2ff401cc3fae1

        SHA256

        6d8fa24d08a3c6df0b3044e1f12b0684a0968374f9e9964e44b2c294f19ce45d

        SHA512

        04ed07cd824d48670f7d4b511dbb69943f95af52609e42eeb706baadacdfde6069c8bae23e30de7b1320c8b300234d55d16345161ccaa92fa2378fbd650a2597

        Download Submit

      • C:\Users\Public\Music\g70UKD\Oub4UO.lnk
        Filesize

        1006B

        MD5

        80f67d67283be78057992098cdd4be8f

        SHA1

        36c1903ac7965c6aeb4cf5b3e67586ad5a19a4c0

        SHA256

        6bb48a88cd9c0d434b07ae450603fa7a586597016443edab55e108af1b2c304c

        SHA512

        c9629c29dbf8cc212ddb94d8c68087c559284971eb6056b62e1aeebed10e2750346a70a3d2eb8373bb9ff0b5c5dd10fad1edea921cc570779321eba16d71345d

        Download Submit

      • C:\Users\Public\Music\g70UKD\QGAtkd.url
        Filesize

        67B

        MD5

        3f10ebc9f956b4b70a757f7f1b0de5b5

        SHA1

        ce68ca9c8d371b4ba7d8ff9d19c2ff401cc3fae1

        SHA256

        6d8fa24d08a3c6df0b3044e1f12b0684a0968374f9e9964e44b2c294f19ce45d

        SHA512

        04ed07cd824d48670f7d4b511dbb69943f95af52609e42eeb706baadacdfde6069c8bae23e30de7b1320c8b300234d55d16345161ccaa92fa2378fbd650a2597

        Download Submit

      • C:\Users\Public\Music\g70UKD\TNDwng.url
        Filesize

        67B

        MD5

        3f10ebc9f956b4b70a757f7f1b0de5b5

        SHA1

        ce68ca9c8d371b4ba7d8ff9d19c2ff401cc3fae1

        SHA256

        6d8fa24d08a3c6df0b3044e1f12b0684a0968374f9e9964e44b2c294f19ce45d

        SHA512

        04ed07cd824d48670f7d4b511dbb69943f95af52609e42eeb706baadacdfde6069c8bae23e30de7b1320c8b300234d55d16345161ccaa92fa2378fbd650a2597

        Download Submit

      • C:\Users\Public\Music\g70UKD\VPFzs9.lnk
        Filesize

        1006B

        MD5

        a6d9ba4204d51d859c77d3da736faa25

        SHA1

        65a9d5e13e2be87cf233a64343b84960b8046e9b

        SHA256

        f3fd48fff322b6fea7b57088ccbc9364364e8ede02e1dd205aae21505c7c7cf5

        SHA512

        927801a0fae8c84d049b6dca760b1a0d6bb86d386772e019c119148a8a0ec3fdff62c4d02c97f6aebcbe9e1290e8791b5fe195c5618007b6ffe76d8adf24505a

        Download Submit

      • C:\Users\Public\Music\g70UKD\WDwmg9.lnk
        Filesize

        1006B

        MD5

        a6d9ba4204d51d859c77d3da736faa25

        SHA1

        65a9d5e13e2be87cf233a64343b84960b8046e9b

        SHA256

        f3fd48fff322b6fea7b57088ccbc9364364e8ede02e1dd205aae21505c7c7cf5

        SHA512

        927801a0fae8c84d049b6dca760b1a0d6bb86d386772e019c119148a8a0ec3fdff62c4d02c97f6aebcbe9e1290e8791b5fe195c5618007b6ffe76d8adf24505a

        Download Submit

      • C:\Users\Public\Music\g70UKD\WDwmg9.lnk
        Filesize

        1006B

        MD5

        a6d9ba4204d51d859c77d3da736faa25

        SHA1

        65a9d5e13e2be87cf233a64343b84960b8046e9b

        SHA256

        f3fd48fff322b6fea7b57088ccbc9364364e8ede02e1dd205aae21505c7c7cf5

        SHA512

        927801a0fae8c84d049b6dca760b1a0d6bb86d386772e019c119148a8a0ec3fdff62c4d02c97f6aebcbe9e1290e8791b5fe195c5618007b6ffe76d8adf24505a

        Download Submit

      • C:\Users\Public\Music\g70UKD\c2VPFz.lnk
        Filesize

        1006B

        MD5

        a6d9ba4204d51d859c77d3da736faa25

        SHA1

        65a9d5e13e2be87cf233a64343b84960b8046e9b

        SHA256

        f3fd48fff322b6fea7b57088ccbc9364364e8ede02e1dd205aae21505c7c7cf5

        SHA512

        927801a0fae8c84d049b6dca760b1a0d6bb86d386772e019c119148a8a0ec3fdff62c4d02c97f6aebcbe9e1290e8791b5fe195c5618007b6ffe76d8adf24505a

        Download Submit

      • C:\Users\Public\Music\g70UKD\mc6Mwm.lnk
        Filesize

        1006B

        MD5

        a6d9ba4204d51d859c77d3da736faa25

        SHA1

        65a9d5e13e2be87cf233a64343b84960b8046e9b

        SHA256

        f3fd48fff322b6fea7b57088ccbc9364364e8ede02e1dd205aae21505c7c7cf5

        SHA512

        927801a0fae8c84d049b6dca760b1a0d6bb86d386772e019c119148a8a0ec3fdff62c4d02c97f6aebcbe9e1290e8791b5fe195c5618007b6ffe76d8adf24505a

        Download Submit

      • C:\Users\Public\Music\g70UKD\mf6PGz.url
        Filesize

        67B

        MD5

        3f10ebc9f956b4b70a757f7f1b0de5b5

        SHA1

        ce68ca9c8d371b4ba7d8ff9d19c2ff401cc3fae1

        SHA256

        6d8fa24d08a3c6df0b3044e1f12b0684a0968374f9e9964e44b2c294f19ce45d

        SHA512

        04ed07cd824d48670f7d4b511dbb69943f95af52609e42eeb706baadacdfde6069c8bae23e30de7b1320c8b300234d55d16345161ccaa92fa2378fbd650a2597

        Download Submit

      • \ProgramData\J2J2M2\qqffoBase.dll
        Filesize

        484KB

        MD5

        9f06ceef05be654f331d8771c74b25f0

        SHA1

        656829c09c9b3341afc371932e53271e76f09c23

        SHA256

        6417309e97acc09cbd18f919cd7b767584649ad2867abf613a47cf502da81507

        SHA512

        ca68a814ca42f8d7ffe35e78bbaa40d3d3d49cbc3c46832719d2b4d6566d8eee031f568fbdbc0d872fd5b84bea4f21ba4633baff3513b919789790b3516af5b3

        Download Submit

      • memory/3004-110-0x00000000034D0000-0x000000000360B000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3004-100-0x0000000000DE0000-0x0000000000DEA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3004-99-0x0000000000400000-0x0000000000CD0000-memory.dmp

        Filesize

        8.8MB

        Download

      • memory/3004-113-0x0000000003610000-0x00000000037B8000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3004-115-0x0000000003610000-0x00000000037B8000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3004-123-0x0000000003610000-0x00000000037B8000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3004-134-0x0000000003610000-0x00000000037B8000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3004-137-0x0000000003610000-0x00000000037B8000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3004-139-0x0000000003610000-0x00000000037B8000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/4972-2-0x0000000010000000-0x00000000100C1000-memory.dmp

        Filesize

        772KB

        Download

      • memory/4972-11-0x00000000035A0000-0x00000000035E6000-memory.dmp

        Filesize

        280KB

        Download