572eb7ac9e3601b5741d9491af311f5e71435ba726583d5b238b0527ab61a96f

Analysis

max time kernel
0s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

51016dc2d1d80ae9d30c5ffed6cec387.exe
Size

512KB
MD5

51016dc2d1d80ae9d30c5ffed6cec387
SHA1

a64ec5a6c0c541db5fd9351cfafcc3f191b53b01
SHA256

572eb7ac9e3601b5741d9491af311f5e71435ba726583d5b238b0527ab61a96f
SHA512

7953715b7cb7454a8becc554f1e3bc479b8243953563a13f80b98031fdf53a0479e6a1d99cc7bbe8f37a2561b3829d149b8cc413d075450b9f5c0d6224bed57b
SSDEEP

6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6A:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5r

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3792	lxfrzbphin.exe
1892	egferxpfsyrdfkg.exe
4032	roocblxn.exe
2780	gunuthcuvvvay.exe

AutoIT Executable 15 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/4336-0-0x0000000000400000-0x0000000000496000-memory.dmp	autoit_exe
behavioral2/files/0x000700000002322f-18.dat	autoit_exe
behavioral2/files/0x0006000000023236-32.dat	autoit_exe
behavioral2/files/0x0006000000023236-31.dat	autoit_exe
behavioral2/files/0x0007000000023232-24.dat	autoit_exe
behavioral2/files/0x0007000000023235-51.dat	autoit_exe
behavioral2/files/0x0007000000023243-81.dat	autoit_exe
behavioral2/files/0x0007000000023232-23.dat	autoit_exe
behavioral2/files/0x0007000000023235-29.dat	autoit_exe
behavioral2/files/0x0007000000023235-28.dat	autoit_exe
behavioral2/files/0x000700000002322f-19.dat	autoit_exe
behavioral2/files/0x0007000000023232-5.dat	autoit_exe
behavioral2/files/0x000700000002251c-93.dat	autoit_exe
behavioral2/files/0x0007000000023229-99.dat	autoit_exe
behavioral2/files/0x0007000000023229-101.dat	autoit_exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\egferxpfsyrdfkg.exe	51016dc2d1d80ae9d30c5ffed6cec387.exe
File opened for modification	C:\Windows\SysWOW64\egferxpfsyrdfkg.exe	51016dc2d1d80ae9d30c5ffed6cec387.exe
File created	C:\Windows\SysWOW64\roocblxn.exe	51016dc2d1d80ae9d30c5ffed6cec387.exe
File opened for modification	C:\Windows\SysWOW64\roocblxn.exe	51016dc2d1d80ae9d30c5ffed6cec387.exe
File created	C:\Windows\SysWOW64\gunuthcuvvvay.exe	51016dc2d1d80ae9d30c5ffed6cec387.exe
File opened for modification	C:\Windows\SysWOW64\gunuthcuvvvay.exe	51016dc2d1d80ae9d30c5ffed6cec387.exe
File created	C:\Windows\SysWOW64\lxfrzbphin.exe	51016dc2d1d80ae9d30c5ffed6cec387.exe
File opened for modification	C:\Windows\SysWOW64\lxfrzbphin.exe	51016dc2d1d80ae9d30c5ffed6cec387.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\mydoc.rtf	51016dc2d1d80ae9d30c5ffed6cec387.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLV.Classes\StartCom1 = "E7F06BC4FF1821DED279D1D58B7B9164"	51016dc2d1d80ae9d30c5ffed6cec387.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLV.Classes\StartCom2 = "184BC70B15E0DAB2B8BC7FE6EC9737CF"	51016dc2d1d80ae9d30c5ffed6cec387.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLV.Classes	51016dc2d1d80ae9d30c5ffed6cec387.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLV.Classes\Com1 = "334F2D0B9C5682226D3676D277262CD67D8764D7"	51016dc2d1d80ae9d30c5ffed6cec387.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLV.Classes\Com2 = "6ACFFACAF96BF1E5840B3A32819B3997B38C03FD4211033DE1C842EB08D4"	51016dc2d1d80ae9d30c5ffed6cec387.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLV.Classes\Com3 = "2EB2B15A47E1399A53CCBAA5339DD7C8"	51016dc2d1d80ae9d30c5ffed6cec387.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLV.Classes\Com4 = "7E8FFC82482E826D903CD72F7D96BC93E63458416641633FD69D"	51016dc2d1d80ae9d30c5ffed6cec387.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe
4336	51016dc2d1d80ae9d30c5ffed6cec387.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 3792	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	34
PID 4336 wrote to memory of 3792	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	34
PID 4336 wrote to memory of 3792	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	34
PID 4336 wrote to memory of 1892	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	33
PID 4336 wrote to memory of 1892	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	33
PID 4336 wrote to memory of 1892	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	33
PID 4336 wrote to memory of 4032	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	32
PID 4336 wrote to memory of 4032	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	32
PID 4336 wrote to memory of 4032	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	32
PID 4336 wrote to memory of 2780	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	26
PID 4336 wrote to memory of 2780	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	26
PID 4336 wrote to memory of 2780	4336	51016dc2d1d80ae9d30c5ffed6cec387.exe	26

C:\Users\Admin\AppData\Local\Temp\51016dc2d1d80ae9d30c5ffed6cec387.exe
"C:\Users\Admin\AppData\Local\Temp\51016dc2d1d80ae9d30c5ffed6cec387.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Windows\SysWOW64\gunuthcuvvvay.exe
  gunuthcuvvvay.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
  2⤵
  PID:4016
- C:\Windows\SysWOW64\roocblxn.exe
  roocblxn.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\SysWOW64\egferxpfsyrdfkg.exe
  egferxpfsyrdfkg.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\SysWOW64\lxfrzbphin.exe
  lxfrzbphin.exe
  2⤵
  - Executes dropped EXE
  PID:3792

C:\Windows\SysWOW64\roocblxn.exe
C:\Windows\system32\roocblxn.exe
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe

Filesize
19KB

MD5
f653fd40ebf9b38fa8f964af8f06d367

SHA1
041dae94d8f8d74f0facce7b9b54e4fdf4829a34

SHA256
36196b8c49124a5882d088eef0a7a596461ed721c259741df892d79a1a1e622b

SHA512
c42579de321d7720494bb4856828f81ca6ae53578acad24cb43b495d7e28b7121c821f3856cf47d5718c83714b24a740f7767404d1d7a6d21fd334a6e915afe8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
239B

MD5
12b138a5a40ffb88d1850866bf2959cd

SHA1
57001ba2de61329118440de3e9f8a81074cb28a2

SHA256
9def83813762ad0c5f6fdd68707d43b7ccd26633b2123254272180d76bc3faaf

SHA512
9f69865a791d09dec41df24d68ad2ab8292d1b5beeca8324ba02feba71a66f1ca4bb44954e760c0037c8db1ac00d71581cab4c77acbc3fb741940b17ccc444eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
ebedb2a73354ea323b86dccb59fb35e7

SHA1
5f87a025647805c90387df2cdeb169726098b83b

SHA256
5ed1765ad196e9ccf7992f11a2e6dc2172a9857fdf7c7a0a48c01c6eda2182f5

SHA512
068521bfa654aeff1830456b28d22dc514ab55d43ebbce102827dfc822d842fa1faca88686cc4d85c168e57e26d937ed7afe344a3a6af080ad6c679ca3c6fbb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
676c957533c7cb21a769e59003c1b44a

SHA1
37d5ccee67dcea00eab67426bb76101d2269e6e2

SHA256
2d1f3d3e5ab6019c88272b66ad04aa64ad314746cfe504ef38433ef543740e9a

SHA512
737fe444f761b8597f19a6877b59109d9052884fe75f674a40ea5fc8ecbe9bbf7717c2674e3b6824bc97231bb74346eb23bae365137d22e2db986f2dca8149df

Download Submit
C:\Windows\SysWOW64\egferxpfsyrdfkg.exe

Filesize
10KB

MD5
10488fd84a45989b40dec4100c6780b0

SHA1
eb30566e1635e211539ad593875fed87e0ec0c9d

SHA256
4fb18fcd2837db89c2488bd8da7ca40a019a787c9c87a6232942aff19910acc2

SHA512
6c7c58da1895823a25135d94d925d8803bc18e15be7584fbc2ad35762e6a586b0473d60f20f0e079241cc6fa537edd36df3e334311e5598a9018e9c4da326862

Download Submit
C:\Windows\SysWOW64\egferxpfsyrdfkg.exe

Filesize
45KB

MD5
04867f03bf8301e55e18ca490914172f

SHA1
b0d4abde940d89a2b7d7ca94b5eed09181fa773c

SHA256
54bf8cdf7bccd3e30a992c51867c4d7f05d47d18275d9783765c42bb3b168013

SHA512
b9aaee6c94a025215a8becec76f3feb6fa10f46419459568f3cbef4e6d55557e8bfffd3e7e77b9426fdcdf238afe6d90bea14c8a7a6225bfe0f97552e7ead6b9

Download Submit
C:\Windows\SysWOW64\egferxpfsyrdfkg.exe

Filesize
64KB

MD5
d76d22b81130bc9206c7c947d7a9ea5e

SHA1
5956e88a6ec7949ce5a350e21703307d855f34b1

SHA256
b96acd28ea28c51de470bf63ebbc33a346440fe63e236ab9f092e0cb3035b870

SHA512
112f4f23127929556f27e12a7979ebd1536af790c92f8ff7870a5b39470bd02d83fbf1697e7ab3eccebd71c44ae7bfbd1dac9c39fefa6e15a488baf840b8aaf1

Download Submit
C:\Windows\SysWOW64\gunuthcuvvvay.exe

Filesize
5KB

MD5
8b75f548f625f5bcdefd8a002b413126

SHA1
cb30cad9b1eaab56528f063957982cd90c824589

SHA256
c8aedcde02051e1e93dda61a7e73daafdaf8ea9ff0458bc7ba8674a8bea7058b

SHA512
20212c80e77f458f4593d3b550a5b9a63dd0a34c6cb10dd0d450c0499da530baaee1839f5ae328313fc416ccf0b51d11205a90e576f43794f18af895b08be1b8

Download Submit
C:\Windows\SysWOW64\gunuthcuvvvay.exe

Filesize
1KB

MD5
ec89629d437c17787acc7061c89e753c

SHA1
c65089b32eba1cf75d3546335718073460c971f9

SHA256
87b17909878537f2c3d3bc046f54b9eb382e312fa75d2b177457a978dcc7d83c

SHA512
65f02cc30b64e2c33d7287c135bc0bb20abe1e35c7176a03e47403db3e21da28f7e7ec7a13ef748aeb76ac06e5e159a9b4e62196692c3411459a4ae235a1bec9

Download Submit
C:\Windows\SysWOW64\lxfrzbphin.exe

Filesize
14KB

MD5
d23d0b0bbb0919f2c97ecc5496c3d109

SHA1
5207c85057e55638849aaab943ab1d3404b53567

SHA256
addf28bc089ad49c8a11f502ad2bec4911810a6e5a8f2c5b6bd1fce7b397007d

SHA512
ed59952935863e48644937974a4e9ad4d08a8424b49edd251e028c0ff73d26937f2e38d303fe1a04ad291b5fbd70a55feb90ccb28ec4ea37665f27ba42b622fb

Download Submit
C:\Windows\SysWOW64\lxfrzbphin.exe

Filesize
63KB

MD5
284684e313f632bdac19223c8e8fb1a9

SHA1
8db843cdaedfed4b01eb68f664c899d514d6b199

SHA256
caa55b6052b3568ad66a0910f96a6b417e6327504d594c9272e7343800028ae1

SHA512
e17426e666c65b2b3ffb504ef42e97062712c94271e7a172634e60d012794b8e31cc680dadfaaa60bc7e3e1e981ad642e0f0d1058b28de7b9d2bf27de6ceafcd

Download Submit
C:\Windows\SysWOW64\roocblxn.exe

Filesize
71KB

MD5
9479ad06b48c9a8765345002fadd4cec

SHA1
b46f8e5d0c8f1f6efc75dd3a8ec45e37d1e20351

SHA256
90d533155aaab43b4298aa6eb933129af9bc600daca49c3cabf221d559f38d86

SHA512
79a4a29174180145421ff9efaa1640f92766eeaabe9ba480fa194d8575fd394519625d657296ce91f2347d427aad7144996c04098c990c5c478b5387bc89cccf

Download Submit
C:\Windows\SysWOW64\roocblxn.exe

Filesize
64KB

MD5
649ef87d7a22be0e2e46e9eea1201b15

SHA1
e2f2782b73beed80618f8b9403b4b6cf12f8f0d8

SHA256
612cd70c753e9f6bb783c03ba18c4b975e0fc7736d7ac4d10ad33d09c783d81c

SHA512
44dd25d943315d0a697a4de71e5bce9892cb7e3b50726fd0792721542bb1854901526517905cfec891a663c88e487767c075ed64af0797d57c0d90440e35651d

Download Submit
C:\Windows\SysWOW64\roocblxn.exe

Filesize
70KB

MD5
6110af0e6c061b990b8f710f352d21b9

SHA1
4be0fffb6df65ca87f41c21b01bc89088e8d9591

SHA256
7e464121ac13f59ee5074ccc5ae44f1f6b5c8c8b97298b2072d0c431f1021356

SHA512
961b5a84688d4670ddfbab04607525697028325dcc313bf7757c27274955f8975d435e6a3ed2678d595266c4750e3f146ae745c65f8e4f30aac38d3df0daf941

Download Submit
\??\c:\Users\Admin\Documents\EnableRepair.doc.exe

Filesize
22KB

MD5
c35b2f65fd767f423fb344bedcf79bfd

SHA1
6cec7c1d0a1468b15dddff8edb61a1b2ad01af2b

SHA256
ae60d02beb1477b817d83bcb61b0766960cd3052ff77cdcb1eed92b218a6271c

SHA512
5b09c80bf9aa27a978b689b023c9d88cf84bbbed2e116d5aaab9978555545db6c98f2b5f93e63fb946640225624486917e867a2cbd17fe2e30885583e2fbaa15

Download Submit
\??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe

Filesize
70KB

MD5
1a35559f5089832214fa77bbad4b08a9

SHA1
6e8e0e709dd0854038f6838319c4f7788a1f8f3c

SHA256
31229a9366141bbee65874694d99c12d34922550442d4b49802945a7d0cec8b7

SHA512
b77fc0a80aa39f4d21025a99ae4355bbfb72c54e9c49c74e953a9f42a7553b7e7bda7a1784d3786774580b3dba4c4f11a56ba8f9ac4d675fa7bfbc70f4caee1c

Download Submit
\??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe

Filesize
46KB

MD5
9c2cd3ff7f8e5d7ed5218eef1e0b8c6d

SHA1
db721c575b92476e6da84719e41c93be43bd35f5

SHA256
7c5a2b2689d0efab8a1cca3d75d6f59b487894900195009466ac1a4041c09aa3

SHA512
70ec1ffea0e89c4bcda95e3bb67f87a41fa1c2dd9e767bb9347be0d2601b78105778d1ea1b177bcacf856d51b4fc108532a244ea20bf7beac0c94dc7de84076d

Download Submit
memory/4016-55-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-60-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-58-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-49-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-47-0x00007FFC7CED0000-0x00007FFC7CEE0000-memory.dmp

Filesize
64KB

Download
memory/4016-46-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-44-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-42-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-41-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-39-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4016-38-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4016-37-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4016-61-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-36-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4016-35-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4016-56-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-57-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-136-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4016-54-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-53-0x00007FFC7CED0000-0x00007FFC7CEE0000-memory.dmp

Filesize
64KB

Download
memory/4016-50-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-48-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-45-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-43-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-40-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-116-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-140-0x00007FFCBF1B0000-0x00007FFCBF3A5000-memory.dmp

Filesize
2.0MB

Download
memory/4016-139-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4016-138-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4016-137-0x00007FFC7F230000-0x00007FFC7F240000-memory.dmp

Filesize
64KB

Download
memory/4336-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download