0fa807337a3c638aad78d9b50eaae632907291f5fffca08951bc0f27d929189a

max time kernel
140s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20231128-en
resource tags

arch:x64arch:x86image:win11-20231128-enlocale:en-usos:windows11-21h2-x64system
submitted
28/11/2023, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DF.exe
Size

528KB
MD5

0580e3884493d1157a00e694a844a728
SHA1

85492026c18fa2e41ed2eab90e94a6a1979a972d
SHA256

0fa807337a3c638aad78d9b50eaae632907291f5fffca08951bc0f27d929189a
SHA512

cb23316a4228ca8a58f3ed94f69c27af7c197072cde11716fa8bba0799f68bf7c355526c70a3e8d04a5553040a9647eb4cf649be54508b956f90616bf0742ca8
SSDEEP

6144:2m7CZCyTCxUcy9qk0oQk3vFwQuyxMgYjYlEg3KwDe2heh3a1kWazQYoc164:Z7yRSyQSdBi+lDeQehTWajhP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 33 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Music"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 7c003100000000007c57937a11005075626c69630000660009000400efbec55259617c57957a2e0000009e0500000000010000000000000000003c0000000000221c45005000750062006c0069006300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003600000016000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 78003100000000007c57947a11004d7573696300640009000400efbec55259617c57957a2e000000a30500000000010000000000000000003a000000000012aa10004d007500730069006300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380030003300000014000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\Registry\User\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\NotificationData	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000007c57da5e1100557365727300640009000400efbec5522d607c578b7a2e0000006c0500000000010000000000000000003a00000000000b66750055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 54003100000000007c57947a100030544e44787100003e0009000400efbe7c57947a7c57947a2e000000f3a7020000000300000000000000000000000000000012aa1000300054004e00440078007100000016000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2189761507-171623489-4293150984-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4672	explorer.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1860	DF.exe
1860	DF.exe
1860	DF.exe
1860	DF.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1860	DF.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4672	explorer.exe
4672	explorer.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2312	1860	DF.exe	80
PID 1860 wrote to memory of 2312	1860	DF.exe	80

C:\Users\Admin\AppData\Local\Temp\DF.exe
"C:\Users\Admin\AppData\Local\Temp\DF.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe C:\Users\Public\Music\0TNDxq
  2⤵
  PID:2312

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4672

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\5L5O5O\XDXGXGF.exe

Filesize
13.7MB

MD5
2534a393218539bfe7bb298c6e24d69d

SHA1
dafa37cda232c109f7de33ca12a358d2f1c60d58

SHA256
a405c93e9913843d2f67be9c49b6553ad4c4a2fae122af63c04c6350b9a72a93

SHA512
cfc1f3053e7a6d78406201e89e76a4519267ad191cbf94862bf0f2db4c52c8f802094e3b33f706766b9de8ada1f0f9b7c98d6ba916fbe402bde7816c9da861a6

Download Submit
C:\Users\Admin\AppData\Roaming\YI1H1\Embarcaderophi.lnk

Filesize
797B

MD5
27dbd7adec1378d4bc612b7c6d3c071e

SHA1
86576f160b51746468159ff8eaefa7dcdbdb9f37

SHA256
57dd13c206ec14a6f2a615d8f48294b0db36deccb650f79e92656fe9e6571c8b

SHA512
cccd1bace92ef00e5a63c1cbd6181292dfdc9ba6a6943df754e0f357d131d2a52a821834f6678f3838408c208305480cf92add7681fe61cb567b50c0695308b5

Download Submit
C:\Users\Admin\AppData\Roaming\YI1H1\r71R.exe

Filesize
105KB

MD5
6b8ebc942fe392c669b0b21bc8f83a03

SHA1
18fb9645a7365ae17b8386e47bec0b5ba6f5122f

SHA256
e5a35deff01c93f658ab8c4192570ad9ae5ffaa4f5f6d1b4db99f176bf5bdbe7

SHA512
0953d528c5d07b22fa0a969c98d569cf68e58450e1fc0179ddb2068cb4c429d23044a71005fd0daebe7e0c896c5a7598c5329e4c040be9099dfb1e62a2686589

Download Submit
C:\Users\Public\L4O4O7

Filesize
11.7MB

MD5
ae207973403b8722422b1d98102fc4d7

SHA1
74da121a94bb951ee75ef5b70e308fcfddcc172e

SHA256
81a0efe1271ef303599ff5f6edbca9974b1ec607aa323c827744e2c426b07936

SHA512
25ebcda952d89cb7bada384634ea60d0d44f1c20b5c8aabf5d5ccddfe1ffed2c968a8dffd22e1060762a1ce72cb4e474a9eb0b92e1ca7463f5677f283b54cf2f

Download Submit
C:\Users\Public\Music\0TNDxq\1RLEuo.lnk

Filesize
1006B

MD5
a05eec9e61a1ed31e7a6d26092bcbb18

SHA1
87d3db03f6febb4b65e4ed8d761a7bcd604577b1

SHA256
d343f58e55cb219d5a32a15738c22181b76d1051e18ba6f97f38f19983b1e363

SHA512
479fcaf64b4a54bdc337320a073b869d333f5628e40fd43207ce51fc666fbb1e06038f6676fbd3436b984ab126be83069579ec3abfab90db8976ff8be44815f5

Download Submit
C:\Users\Public\Music\0TNDxq\5WPFzs.lnk

Filesize
1006B

MD5
0583d2ec9001787fe86f211a97c31b5d

SHA1
be28878d7ca12b4d8f9eb62043d50f41610804a9

SHA256
68618b7cbfee4c903d9a7ad22b0533e92bcf5b3026d9657001614d11c65703e8

SHA512
fdcb45e2bfdc43354776e3653307859b1554d4571b91d62c4091c3d029ad99020772db64f21276083b5681eeb253015e3754871e70022fdd4529969ed41e47ab

Download Submit
C:\Users\Public\Music\0TNDxq\HAqkd4.url

Filesize
67B

MD5
12d3cc7e76cca01e2f51c731383f2d2c

SHA1
2535feed4eeac4a52ec4260ab74665240486a2fd

SHA256
c14c754e8f8e87a9f27592dd456ba4ce5161b5c6d4ce43c89107319f1fdc5a24

SHA512
e60df067f6fb629ff3c8f0b7cfaee8bd14d13acaa4adb2db5d2ad0d5428313c9b0f5a93b58a087444ad24893e4cf7b0186155fc3364a712318005b92a7253913

Download Submit
C:\Users\Public\Music\0TNDxq\KDxng7.url

Filesize
67B

MD5
12d3cc7e76cca01e2f51c731383f2d2c

SHA1
2535feed4eeac4a52ec4260ab74665240486a2fd

SHA256
c14c754e8f8e87a9f27592dd456ba4ce5161b5c6d4ce43c89107319f1fdc5a24

SHA512
e60df067f6fb629ff3c8f0b7cfaee8bd14d13acaa4adb2db5d2ad0d5428313c9b0f5a93b58a087444ad24893e4cf7b0186155fc3364a712318005b92a7253913

Download Submit
C:\Users\Public\Music\0TNDxq\KDxng7.url

Filesize
67B

MD5
12d3cc7e76cca01e2f51c731383f2d2c

SHA1
2535feed4eeac4a52ec4260ab74665240486a2fd

SHA256
c14c754e8f8e87a9f27592dd456ba4ce5161b5c6d4ce43c89107319f1fdc5a24

SHA512
e60df067f6fb629ff3c8f0b7cfaee8bd14d13acaa4adb2db5d2ad0d5428313c9b0f5a93b58a087444ad24893e4cf7b0186155fc3364a712318005b92a7253913

Download Submit
C:\Users\Public\Music\0TNDxq\Pwpg93.lnk

Filesize
1006B

MD5
15d54c84e6e9e56def846ddb65f1d175

SHA1
a2849700baa7e238cfa9b127bdbb445861b46055

SHA256
aeac850367d20a7aa2abc518d2d85c1789eb1a22cebae168a54d744a891cc1c5

SHA512
ab379284e3db15801600c26d2152567d1af6efd2dfb9174f1fefacc83d98933f19be16e53fe43ef713d3ee285bc2bb07e882cd3f398753ce4be26bfc5a4efd64

Download Submit
C:\Users\Public\Music\0TNDxq\QGAqjd.url

Filesize
67B

MD5
12d3cc7e76cca01e2f51c731383f2d2c

SHA1
2535feed4eeac4a52ec4260ab74665240486a2fd

SHA256
c14c754e8f8e87a9f27592dd456ba4ce5161b5c6d4ce43c89107319f1fdc5a24

SHA512
e60df067f6fb629ff3c8f0b7cfaee8bd14d13acaa4adb2db5d2ad0d5428313c9b0f5a93b58a087444ad24893e4cf7b0186155fc3364a712318005b92a7253913

Download Submit
C:\Users\Public\Music\0TNDxq\TJDwng.url

Filesize
67B

MD5
12d3cc7e76cca01e2f51c731383f2d2c

SHA1
2535feed4eeac4a52ec4260ab74665240486a2fd

SHA256
c14c754e8f8e87a9f27592dd456ba4ce5161b5c6d4ce43c89107319f1fdc5a24

SHA512
e60df067f6fb629ff3c8f0b7cfaee8bd14d13acaa4adb2db5d2ad0d5428313c9b0f5a93b58a087444ad24893e4cf7b0186155fc3364a712318005b92a7253913

Download Submit
C:\Users\Public\Music\0TNDxq\WQGztj.url

Filesize
67B

MD5
12d3cc7e76cca01e2f51c731383f2d2c

SHA1
2535feed4eeac4a52ec4260ab74665240486a2fd

SHA256
c14c754e8f8e87a9f27592dd456ba4ce5161b5c6d4ce43c89107319f1fdc5a24

SHA512
e60df067f6fb629ff3c8f0b7cfaee8bd14d13acaa4adb2db5d2ad0d5428313c9b0f5a93b58a087444ad24893e4cf7b0186155fc3364a712318005b92a7253913

Download Submit
C:\Users\Public\Music\0TNDxq\_TMCwm.url

Filesize
67B

MD5
12d3cc7e76cca01e2f51c731383f2d2c

SHA1
2535feed4eeac4a52ec4260ab74665240486a2fd

SHA256
c14c754e8f8e87a9f27592dd456ba4ce5161b5c6d4ce43c89107319f1fdc5a24

SHA512
e60df067f6fb629ff3c8f0b7cfaee8bd14d13acaa4adb2db5d2ad0d5428313c9b0f5a93b58a087444ad24893e4cf7b0186155fc3364a712318005b92a7253913

Download Submit
C:\Users\Public\Music\0TNDxq\a3rha1.lnk

Filesize
1006B

MD5
085d6b9ca4787608444cf41760ac2242

SHA1
4d90ca39212a8f0d2db7bd75216159ed994ac656

SHA256
54369287c585fe00200ba8f42a5c2b13716d423d247f0c673ce38d5dca4cc194

SHA512
c1491feed27576d4ba92584d06cdeae00ffab1e537e04f3cd916043c08044805452f5d457ac66c192e7403b46ecba71590dd11085d40cce0b6d38f9d29396283

Download Submit
C:\Users\Public\Music\0TNDxq\l5VPIz.lnk

Filesize
1006B

MD5
16bd25ea53435cb8d76abb19aa240bc2

SHA1
db7594def11de9d80172c3e563b2554452e3a177

SHA256
20e359476bde6482fb73f50e1a5c270e2b8e0e8993f222b8bc68bc55237040e7

SHA512
4aade9dd8add06ab0379988de04f33be24a9625467bb79eaa855c154651e3cf9c887062afaef24b36860ea83f546502bf752eb4c825bad1566b7a6df3bdb52d9

Download Submit
C:\Users\Public\Music\0TNDxq\r71RLB.lnk

Filesize
1006B

MD5
06a9d7e7c50a280778751bb435ac1937

SHA1
d3b674ea7c7d229133e63c5d4fa0aee63d51379a

SHA256
4eeb0b41f049341a463a69e4e9986ddb8b3ae67c3461e3c872c8fd89b87bd818

SHA512
79959fba4a7d5ac78cda132c0867a983d83d3a2be263187241d88b833c11f945236cf0b9fa372b59625f08948fd12b7f8d3a28239c09d4dddb541017a18045cc

Download Submit
C:\Users\Public\Music\0TNDxq\rke4XR.url

Filesize
67B

MD5
12d3cc7e76cca01e2f51c731383f2d2c

SHA1
2535feed4eeac4a52ec4260ab74665240486a2fd

SHA256
c14c754e8f8e87a9f27592dd456ba4ce5161b5c6d4ce43c89107319f1fdc5a24

SHA512
e60df067f6fb629ff3c8f0b7cfaee8bd14d13acaa4adb2db5d2ad0d5428313c9b0f5a93b58a087444ad24893e4cf7b0186155fc3364a712318005b92a7253913

Download Submit
C:\Users\Public\Music\0TNDxq\zj93TN.lnk

Filesize
1006B

MD5
afb32e5935c7aed81105585e19d759be

SHA1
8e26efdfc4dbf7e85b28c7c370de1f8f168add9b

SHA256
e603ac13fbc600379cb9e7ad4d7c4527bee19e43f1a41895098757fe34dbb4b1

SHA512
b0835f2ceb4b0e07d2ba881d55f44e9046bd8feb8833482dcfbc84793d1cc9f6f0756524accfd1fbabbf9fe12fd0d292c2358d8f0858512d135721ab19d4a47e

Download Submit
memory/1860-0-0x0000000010000000-0x0000000010032000-memory.dmp

Filesize
200KB

Download
memory/1860-15-0x0000000004C50000-0x0000000004CC3000-memory.dmp

Filesize
460KB

Download
memory/1860-6-0x0000000004B80000-0x0000000004C41000-memory.dmp

Filesize
772KB

Download
memory/1860-48-0x0000000005040000-0x0000000005066000-memory.dmp

Filesize
152KB

Download