Overview

overview

10

Static

static

10

a245b51ab7...JC.exe

windows7-x64

10

a245b51ab7...JC.exe

windows10-1703-x64

10

a245b51ab7...JC.exe

windows10-2004-x64

10

a245b51ab7...JC.exe

windows11-21h2-x64

10

Resubmissions

10/04/2024, 02:56

240410-dff7kacd24 10

10/04/2024, 02:56

240410-de3zyacc96 10

10/04/2024, 02:56

240410-de3deaff6t 10

10/04/2024, 02:56

240410-de23msff6s 10

09/09/2023, 14:35

230909-rx47lsbh52 10

Analysis

  • max time kernel
    299s
  • max time network
    305s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe

  • Size

    119KB

  • MD5

    369204590ce91e77109e21a298753522

  • SHA1

    e981f0c86c42e9e8fcbc7dcff0e05c35887a3869

  • SHA256

    a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647

  • SHA512

    bf4367a692eb1f4c31533ee1391cfc1708c75bf726dd5287ac0fa2e602664fa3a74458ded18c1831db16f0462b202f79b10d0f82f3bcb98423a460002e04cf32

  • SSDEEP

    3072:P56Q4BB1q/hJcq4YZRKsySYSLLx9yLjj6TG6WVt9bm+EFyW43LORzMJS/3:Fha6BuQdwLKTGLt9bmhD4q1Mc

Score
10/10
gurcucollectiondiscoveryspywarestealer

Malware Config

Signatures

  • Detect Gurcu Stealer V3 payload 2 IoCs
  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

    stealergurcu
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 12 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 18 IoCs
    collection
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\Admin\AppData\Local\Temp\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe" &&START "" "C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:4756
        • C:\Windows\system32\PING.EXE
          ping 127.0.0.1
          3⤵
          • Runs ping.exe
          PID:4676
        • C:\Windows\system32\schtasks.exe
          schtasks /create /tn "a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe" /rl HIGHEST /f
          3⤵
          • Creates scheduled task(s)
          PID:2088
        • C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          "C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe"
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Accesses Microsoft Outlook profiles
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4636
          • C:\Windows\System32\tar.exe
            "C:\Windows\System32\tar.exe" -xvzf "C:\Users\Admin\AppData\Local\Temp\tmpBA18.tmp" -C "C:\Users\Admin\AppData\Local\84tnjh4449"
            4⤵
              PID:2076
            • C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe
              "C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\84tnjh4449\torrc.txt"
              4⤵
              • Executes dropped EXE
              PID:1364
      • C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
        C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
        1⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Accesses Microsoft Outlook profiles
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1204
        • C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe
          "C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\84tnjh4449\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:3068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4432 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:2132
        • C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          1⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Accesses Microsoft Outlook profiles
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4720
          • C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe
            "C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\84tnjh4449\torrc.txt"
            2⤵
            • Executes dropped EXE
            PID:4628
        • C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          1⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Accesses Microsoft Outlook profiles
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1628
          • C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe
            "C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\84tnjh4449\torrc.txt"
            2⤵
            • Executes dropped EXE
            PID:2180
        • C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          1⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Accesses Microsoft Outlook profiles
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe
            "C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\84tnjh4449\torrc.txt"
            2⤵
            • Executes dropped EXE
            PID:1552
        • C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          1⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Accesses Microsoft Outlook profiles
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • outlook_office_path
          • outlook_win_path
          PID:4000
          • C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe
            "C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\84tnjh4449\torrc.txt"
            2⤵
            • Executes dropped EXE
            PID:2972

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\84tnjh4449\data\cached-certs
          Filesize

          18KB

          MD5

          0de44f0610454f90ea58350082288d67

          SHA1

          2b6fce27afa9fc03df3fb277fe5b6198c383438f

          SHA256

          56b59eee4bc492645628f4eb759854e3d4654a13d1d3b4925bc602c5c729048b

          SHA512

          4d3f348e76a5cf2262b96c188b785e9eeea9172e611afe393120635031f8a26dc2ef4e2b2159de710c429a4cc92a60bd856995967d2dfa9fffadc6e93ac2535a

          Download Submit

        • C:\Users\Admin\AppData\Local\84tnjh4449\data\cached-microdesc-consensus.tmp
          Filesize

          2.7MB

          MD5

          a0db8a87f7b723266c8b04255da46b06

          SHA1

          4df00ea56d22d88f3d2e005ef66bad5b3ef92ebf

          SHA256

          60b43cdce0f807f7891521f396f53def34a7d98986dbde0faa2a197189c587f3

          SHA512

          41b8fc467d11af7ca6a42c7e94d1b8295ab3ae5d6d186b4f378e6e079440520e8324b695da1134beb2bc1697d2491edcc70c1b75ab6fc66b9c1cb2ecbcdb4a7d

          Download Submit

        • C:\Users\Admin\AppData\Local\84tnjh4449\data\cached-microdescs.new
          Filesize

          11.4MB

          MD5

          751c4ae4f7e7244245c0c6b615e0993c

          SHA1

          ee358663a86848c9385f677356f83ee5d3da35dd

          SHA256

          897ae090dc50ed9c9e518ef59b9a9b1c891fd642d8aa8565f24925dfc81b18a3

          SHA512

          2093fca7b071f37a9e518b2c7987e1d028321f8759dafe91094facec8d6f80694d0496b2c714658e8b05db302e1d545b2cc0c6a59684f6618ed180dce0f0457e

          Download Submit

        • C:\Users\Admin\AppData\Local\84tnjh4449\host\hostname
          Filesize

          64B

          MD5

          f7486bb9a2237a4a82b23a99fc0de37f

          SHA1

          a22e4ff092ac6d992370753c17c0c0640742eb01

          SHA256

          3c6c51d2f50fa18a1219af1f75501dae24bc86f7a1214216bfe204fca79ffd96

          SHA512

          3294a1da9ee51e73ac0906e28afe3bcbb778cc391c5566f3739560c383de7426968d457eaa5e8f18a93c087dbac2aee6a1578dc2b5d5ad3510fe0afbe43c2454

          Download Submit

        • C:\Users\Admin\AppData\Local\84tnjh4449\port.dat
          Filesize

          4B

          MD5

          492114f6915a69aa3dd005aa4233ef51

          SHA1

          4342020ae701621941617ed40e87afab63192704

          SHA256

          ab1cf2aa0aa1839cd8eefdd91fbe0d0c88e9d08ef5215cb030186896a268673b

          SHA512

          85c96f4663c84720b9b08d3b597c6465b02bc80e5328862334d00045e0be9c76f6c4e3ad14be6c382c33e39ef371ef2e8c1bf70438114e95f7ea1505bc63823d

          Download Submit

        • C:\Users\Admin\AppData\Local\84tnjh4449\tor\tor.exe
          Filesize

          7.4MB

          MD5

          88590909765350c0d70c6c34b1f31dd2

          SHA1

          129b27c3926e53e5df6d44cc6adf39c3a8d9ebf7

          SHA256

          46fe244b548265c78ab961e8f787bc8bf21edbcaaf175fa3b8be3137c6845a82

          SHA512

          a8af08d9169a31a1c3419d4e6e8fbe608c800d323840563b5a560d3e09e78a492201f07cc0d3864efbff8ad81e59885fc43a6b749e0a3377aa8555df258af192

          Download Submit

        • C:\Users\Admin\AppData\Local\84tnjh4449\torrc.txt
          Filesize

          218B

          MD5

          3abd5e8647247c7d2c6049613e8f4584

          SHA1

          5c43cc0aaddc15ca58f85fc0822ab5d2cc080436

          SHA256

          f187d1372a02984071c37729f6cc922f23cd0750d3391fd57e19e2511f4ef447

          SHA512

          36de21e2f206f90384aeb38461b7a83f37c805bef47bcdd23999dc359024763ac12c488f66b8ee5584e302e3d096a441017063000bedd79bd53bd97f3435cf27

          Download Submit

        • C:\Users\Admin\AppData\Local\EsetSecurity\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe
          Filesize

          119KB

          MD5

          369204590ce91e77109e21a298753522

          SHA1

          e981f0c86c42e9e8fcbc7dcff0e05c35887a3869

          SHA256

          a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647

          SHA512

          bf4367a692eb1f4c31533ee1391cfc1708c75bf726dd5287ac0fa2e602664fa3a74458ded18c1831db16f0462b202f79b10d0f82f3bcb98423a460002e04cf32

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe.log
          Filesize

          847B

          MD5

          3308a84a40841fab7dfec198b3c31af7

          SHA1

          4e7ab6336c0538be5dd7da529c0265b3b6523083

          SHA256

          169bc31a8d1666535977ca170d246a463e6531bb21faab6c48cb4269d9d60b2e

          SHA512

          97521d5fb94efdc836ea2723098a1f26a7589a76af51358eee17292d29c9325baf53ad6b4496c5ca3e208d1c9b9ad6797a370e2ae378072fc68f5d6e8b73b198

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\installUtilLog.txt
          Filesize

          236B

          MD5

          62cc8ba84b1f556d8fd3c5bd77dba46f

          SHA1

          d4e357c3fc9abe8047b55cd137c71cd46dee4df3

          SHA256

          7537a862417e5d203e8b5616a7e2f0c4d0c19c01d6490cac8f232c9fcce7ffa1

          SHA512

          d21f82f240307ca512ca6da473439db6ad5bd54481d7822540b7b4a1b103b315d15aa7a71f44916254f7d05e141c9528d5cc849c81b8f8c36c24c58ae8da9833

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\installUtilLog.txt
          Filesize

          354B

          MD5

          d4dfa7dfae88013f9e9409c54948f443

          SHA1

          8678a19cfa73d4c5cdf43a666f365fa91e92c447

          SHA256

          a198e407f68cf410104abb15f283386203247584934189e29aea6bb39076a1b2

          SHA512

          9b5064081321a218c22c3db8b336fec5894533ca7580c4e6882dae8456d32d8f00d4910db678dab714047ba534a7b3505e8ddcd5f32df9a8ae5e7144172eab13

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\installUtilLog.txt
          Filesize

          472B

          MD5

          89a188e16aa9a9de426c297707c428c3

          SHA1

          55ffb35a4b37ec83f083c9521fc04eeeb83d38a1

          SHA256

          3643c6bdd7675822e1ad02c5b38484ec995c8670b093f05f4947b75c05f03bad

          SHA512

          dc368f7adc8f682a744c9d0f4b7da8a0cbd5f8332d08deb6d90407d79625bab880899f287997f8e10e20f6f2d94540522ea0c9ff2ceda84308c79bf3685f3218

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\installUtilLog.txt
          Filesize

          590B

          MD5

          4b5925f93ee5b9d42de5fd76b37b6a39

          SHA1

          e511b37e4545fcc3877558d1373ce5d611c5fcfe

          SHA256

          315b5c1d9b3719808dee2d95d6f1fd9078ae377b57c49327adf197be475835cc

          SHA512

          3d14ac953f0c5159b7a9d469d044c928d6b1bb7e1c8a094863343e4d11c839a6793cb75e448975bda82cec7414a5e12b8dd9ba53484778f97f521d1acd8321e3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\tmpBA18.tmp
          Filesize

          13.3MB

          MD5

          89d2d5811c1aff539bb355f15f3ddad0

          SHA1

          5bb3577c25b6d323d927200c48cd184a3e27c873

          SHA256

          b630008f6d3887793d48b87091e56691e292894dd4fa100dc4a418a2f29dcc12

          SHA512

          39e576124c54143520c5435a2ef9b24506131e13403489c0692f09b89135015d611c4988d4772f8a1e6557fa68b4667d467334461009cee8c2227dfc3e295289

          Download Submit

        • memory/1204-43-0x0000021EE2DD0000-0x0000021EE2DE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1204-41-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1204-60-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1204-59-0x0000021EE2DE0000-0x0000021EE2EE2000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/1628-119-0x000002B727150000-0x000002B727252000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/1628-115-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1628-120-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2832-141-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2832-140-0x000001A87AAD0000-0x000001A87ABD2000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/2832-136-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2968-6-0x00007FF8EF690000-0x00007FF8F0151000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2968-0-0x0000019A60840000-0x0000019A60864000-memory.dmp

          Filesize

          144KB

          Download

        • memory/2968-3-0x00007FF8EF690000-0x00007FF8F0151000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2968-4-0x0000019A62460000-0x0000019A62470000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4000-149-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4000-158-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4000-157-0x000001FCD0060000-0x000001FCD0162000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4636-11-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4636-54-0x000001E375500000-0x000001E375602000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4636-70-0x000001E3753B0000-0x000001E3753C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4636-12-0x000001E3753B0000-0x000001E3753C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4636-61-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4720-98-0x0000021BBB060000-0x0000021BBB070000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4720-97-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4720-103-0x00007FF8EF0E0000-0x00007FF8EFBA1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4720-102-0x0000021BBB3B0000-0x0000021BBB4B2000-memory.dmp

          Filesize

          1.0MB

          Download