njrat | cd77b109e45ef08f0b25ae4e211b4134bd7c349cbdf2ecde6425ec267a6a3a0d

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2023 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe
Size

3.3MB
MD5

15bc4d1c91da5d491756d4c4cfa96f8e
SHA1

d1a0a6f32d9a41ff76fe2a0ff3ef084334b949d6
SHA256

456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd
SHA512

f7658e5fd2228cb28ea823027139a221f4d0721a4a2f30e3454bdecdb37a903ae35cb7830ad0cf6ef36233334cc9936768ed8505bb277ff5994a9e95202ec99b
SSDEEP

98304:NAhjsRxEm2bTLMup0z1Uesj6qqDK8COMf3:NAJDHbTLbpU1ij6jCzf

Score

10^/10

njrat trojan

Malware Config

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-423100829-2271632622-1028104103-1000\Control Panel\International\Geo\Nation	456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe

Executes dropped EXE 3 IoCs

Processes:

stub.exe[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

pid process

2304 stub.exe
4132 [FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe
2228 [FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

pid	process
2304	stub.exe
4132	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe
2228	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

Loads dropped DLL 5 IoCs

Processes:

[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

pid	process
2228	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
2228	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
2228	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
2228	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
2228	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-423100829-2271632622-1028104103-1000_Classes\Local Settings cmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-423100829-2271632622-1028104103-1000_Classes\Local Settings	cmd.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes:

stub.exe

description	pid	process
Token: SeDebugPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe
Token: 33	2304	stub.exe
Token: SeIncBasePriorityPrivilege	2304	stub.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4740 OpenWith.exe

pid	process
4740	OpenWith.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe

description	pid	process	target process
PID 1664 wrote to memory of 2304	1664	456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe	stub.exe
PID 1664 wrote to memory of 2304	1664	456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe	stub.exe
PID 1664 wrote to memory of 2092	1664	456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe	cmd.exe
PID 1664 wrote to memory of 2092	1664	456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe	cmd.exe
PID 1664 wrote to memory of 4132	1664	456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe
PID 1664 wrote to memory of 4132	1664	456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe
PID 1664 wrote to memory of 4132	1664	456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe
PID 4132 wrote to memory of 2228	4132	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
PID 4132 wrote to memory of 2228	4132	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
PID 4132 wrote to memory of 2228	4132	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe	[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

C:\Users\Admin\AppData\Local\Temp\456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe
"C:\Users\Admin\AppData\Local\Temp\456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1664

C:\Users\Admin\AppData\Local\Temp\stub.exe
"C:\Users\Admin\AppData\Local\Temp\stub.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Microsoft Defender Disable.bat" "
2⤵
- Modifies registry class
PID:2092

C:\Users\Admin\AppData\Local\Temp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe
"C:\Users\Admin\AppData\Local\Temp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4132

C:\Users\Admin\AppData\Local\Temp\is-9FQI5.tmp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp
"C:\Users\Admin\AppData\Local\Temp\is-9FQI5.tmp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp" /SL5="$40170,2865322,190464,C:\Users\Admin\AppData\Local\Temp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:2228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Microsoft Defender Disable.bat

Filesize
5KB

MD5
4f79c754e9958d1aee7ee1bf0f620c16

SHA1
0633a731b662772011b73be6aabeee962430245a

SHA256
2a089b08617195fb30b10a1b3e2c0eda45bc49a31cca7b9680f08e8631a0092c

SHA512
0c90fe5c10ab9b776b3df990aa7558f2624f5cc09a8d17668cbf672a976bc766bbadf0cd3da0ab5f47f9ec00550897982bb9474fe74e13a8d72304b93e26da12

Download Submit
C:\Users\Admin\AppData\Local\Temp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe

Filesize
3.3MB

MD5
592b233a631aa9684102991684b906ef

SHA1
6be7158e443bf48046201593a806ffc4832013ce

SHA256
81878356f5a813a3004c1bcccce453aa1f38bd1c37523f4878ed619d0ac7f456

SHA512
ef33466423279e1b8b694e3a88972cd9058a7a7b29533fc518951a6a84d7d804601c30447e98a6ffff8c45c346180e887f6e8500fed855d40a8f422973365fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe

Filesize
3.3MB

MD5
592b233a631aa9684102991684b906ef

SHA1
6be7158e443bf48046201593a806ffc4832013ce

SHA256
81878356f5a813a3004c1bcccce453aa1f38bd1c37523f4878ed619d0ac7f456

SHA512
ef33466423279e1b8b694e3a88972cd9058a7a7b29533fc518951a6a84d7d804601c30447e98a6ffff8c45c346180e887f6e8500fed855d40a8f422973365fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.exe

Filesize
3.3MB

MD5
592b233a631aa9684102991684b906ef

SHA1
6be7158e443bf48046201593a806ffc4832013ce

SHA256
81878356f5a813a3004c1bcccce453aa1f38bd1c37523f4878ed619d0ac7f456

SHA512
ef33466423279e1b8b694e3a88972cd9058a7a7b29533fc518951a6a84d7d804601c30447e98a6ffff8c45c346180e887f6e8500fed855d40a8f422973365fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9BKV0.tmp\CheckBox.png

Filesize
7KB

MD5
abd301b0263b0e0cebdd71e4855ac7d3

SHA1
1e8480c3f3b47a5daa7cb1183b6a7a49998cda6e

SHA256
aff003e75bbf410ed2f7ca8728afe01ab4a517536647ad20109d00c4adf570d5

SHA512
b5abb188bd23d7fc2e3253a5639cc3eba6d21774dba55b43395cf84ddb49fe707ad54dc0a7f157e6b0804c1662d9c4cb4bef2787aafb194ea73fbebd1a63bb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9BKV0.tmp\WizardImage.jpg

Filesize
62KB

MD5
b91658597f15d7f689c86f5a2e7824bd

SHA1
00da609aa0b39140b767a3bc2644433d64edbd71

SHA256
b3cda6ab45ad5aa6a0a5f700d2c8987b3c1c1ebda63165d9bd5a566b24dcbd84

SHA512
00b287fb14b947edf4b16d52243e9a992595d8894e83d8590473103d1b54a4670b323db13c4f78234617c44f905baf517e68fcceaad313f3ea7cd44cf036daea

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9BKV0.tmp\botva2.dll

Filesize
32KB

MD5
295832fa6400cb3407cfe84b06785531

SHA1
7068910c2e0ea7f4535c770517e29d9c2d2ee77b

SHA256
13e372c4d843603096f33603915c3f25d0e0d4475001c33ce5263bfcd1760784

SHA512
50516f9761efd14641f65bd773cfdd50c4ab0de977e094ba9227796dc319d9330321c7914243fc7dc04b5716752395f8dac8ccdfdb98ba7e5f5c1172408ce57b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9BKV0.tmp\botva2.dll

Filesize
32KB

MD5
295832fa6400cb3407cfe84b06785531

SHA1
7068910c2e0ea7f4535c770517e29d9c2d2ee77b

SHA256
13e372c4d843603096f33603915c3f25d0e0d4475001c33ce5263bfcd1760784

SHA512
50516f9761efd14641f65bd773cfdd50c4ab0de977e094ba9227796dc319d9330321c7914243fc7dc04b5716752395f8dac8ccdfdb98ba7e5f5c1172408ce57b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9BKV0.tmp\button.png

Filesize
12KB

MD5
51af4120d6d22b1126cc87a5143740ef

SHA1
1cb4e91e765537a72c9628056d29fbd6a7ce515c

SHA256
c74fed62141f7e666379a0b00d5b39c86975332cf08151cbe8cab88eff2c393c

SHA512
2595be954684ca34bc9284337524a5191c72fbea46b59555a5113ed8404a1e7ab6c2aa0f5a975f832cccdd8934ff1140c679ecd940f31cc14b4c3a362a225cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9BKV0.tmp\get_hw_caps.dll

Filesize
76KB

MD5
2e35d2894df3b691dbd8e0d4f4c84efc

SHA1
d0fc14963e397d185e9f2d7dea1d07bc6308d5b9

SHA256
869079ba362cbc560d673db290248ec2aa075a74f22a82d90621f1118f8e1c4d

SHA512
29ba662ab2e77aef0547ff76213a1b6ef52be27a446923790a27cf8b69377621048387dbb9f22001b6d15837dddada84c7350614ec9622258319658822705f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9BKV0.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9BKV0.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9FQI5.tmp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

Filesize
1.5MB

MD5
17fac68c3018078e9bedc9d58d02423b

SHA1
e434edc315f792d2835e8d507218890df3eea64c

SHA256
c87bd5d9698eb981ee384baa08305e7b94769e0cf3c1bbc97d11aab096013417

SHA512
bd0f62b2e4e828d2ddda98bdb337fbfc3b6c859781c499deec3130b3922fc0e71d695418881fab5bafb8da44dce6b10141f873fb94fa579d1a847468f4fb8d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9FQI5.tmp\[FreeTP.Org]Human-Fall-Flat-Multiplayer-Fix-Online-v4.tmp

Filesize
1.5MB

MD5
17fac68c3018078e9bedc9d58d02423b

SHA1
e434edc315f792d2835e8d507218890df3eea64c

SHA256
c87bd5d9698eb981ee384baa08305e7b94769e0cf3c1bbc97d11aab096013417

SHA512
bd0f62b2e4e828d2ddda98bdb337fbfc3b6c859781c499deec3130b3922fc0e71d695418881fab5bafb8da44dce6b10141f873fb94fa579d1a847468f4fb8d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\stub.exe

Filesize
22KB

MD5
c0e9c050a999c46528ac1e176cf0a00d

SHA1
2384ab4a9b8f2f4965c4c3fc7f61fe5dd7017571

SHA256
9cc01229bcc1d0d2619ce65b13bd737449700dc892b1d19c7839a5a7f3c262c9

SHA512
916dab42031941ef3dd7d169cf915ad7e1fd89abc6d397a7a58ca30f8829a5e0348ea8219432211d7463b1d0122ae13add6458a543ae9db9f0e31d1b66bbef5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\stub.exe

Filesize
22KB

MD5
c0e9c050a999c46528ac1e176cf0a00d

SHA1
2384ab4a9b8f2f4965c4c3fc7f61fe5dd7017571

SHA256
9cc01229bcc1d0d2619ce65b13bd737449700dc892b1d19c7839a5a7f3c262c9

SHA512
916dab42031941ef3dd7d169cf915ad7e1fd89abc6d397a7a58ca30f8829a5e0348ea8219432211d7463b1d0122ae13add6458a543ae9db9f0e31d1b66bbef5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\stub.exe

Filesize
22KB

MD5
c0e9c050a999c46528ac1e176cf0a00d

SHA1
2384ab4a9b8f2f4965c4c3fc7f61fe5dd7017571

SHA256
9cc01229bcc1d0d2619ce65b13bd737449700dc892b1d19c7839a5a7f3c262c9

SHA512
916dab42031941ef3dd7d169cf915ad7e1fd89abc6d397a7a58ca30f8829a5e0348ea8219432211d7463b1d0122ae13add6458a543ae9db9f0e31d1b66bbef5f

Download Submit
memory/1664-30-0x00007FFA72140000-0x00007FFA72C01000-memory.dmp

Filesize
10.8MB

Download
memory/1664-0-0x00000000005F0000-0x0000000000936000-memory.dmp

Filesize
3.3MB

Download
memory/1664-1-0x00007FFA72140000-0x00007FFA72C01000-memory.dmp

Filesize
10.8MB

Download
memory/1664-3-0x000000001B6A0000-0x000000001B6B0000-memory.dmp

Filesize
64KB

Download
memory/2228-148-0x00000000034E0000-0x00000000034ED000-memory.dmp

Filesize
52KB

Download
memory/2228-149-0x0000000005E80000-0x0000000005E95000-memory.dmp

Filesize
84KB

Download
memory/2228-160-0x0000000005E80000-0x0000000005E95000-memory.dmp

Filesize
84KB

Download
memory/2228-159-0x00000000034E0000-0x00000000034ED000-memory.dmp

Filesize
52KB

Download
memory/2228-112-0x0000000005E80000-0x0000000005E95000-memory.dmp

Filesize
84KB

Download
memory/2228-39-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/2228-69-0x00000000034E0000-0x00000000034ED000-memory.dmp

Filesize
52KB

Download
memory/2228-155-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/2228-147-0x0000000000400000-0x0000000000585000-memory.dmp

Filesize
1.5MB

Download
memory/2304-51-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/2304-26-0x00007FFA72140000-0x00007FFA72C01000-memory.dmp

Filesize
10.8MB

Download
memory/2304-150-0x00007FFA72140000-0x00007FFA72C01000-memory.dmp

Filesize
10.8MB

Download
memory/2304-156-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/2304-18-0x0000000000A80000-0x0000000000A8C000-memory.dmp

Filesize
48KB

Download
memory/4132-146-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4132-32-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download