Overview

overview

7

Static

static

3

f4a10201bc...e5.exe

windows7-x64

7

f4a10201bc...e5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 06:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4a10201bc2159ff5c13ab4410724243c65f8eeccab73ec24752d40e047962e5.exe

  • Size

    6.0MB

  • MD5

    b30fb1d20455d602b406eca5ed3329e6

  • SHA1

    93f560a5771d35b2bdcd23ce3ce9cdf2b96cde19

  • SHA256

    f4a10201bc2159ff5c13ab4410724243c65f8eeccab73ec24752d40e047962e5

  • SHA512

    9d1bb3834a70fbd7a982d4da757f478a37c4a5fbed8a917bfd89195454d4e958c1c2ad353bb6aaf3601c77bd5299bafb3bc5555dcbf809226979268acb1bd9ce

  • SSDEEP

    98304:c0G1E13HhStHxV8ItdWEZ3Xy3cB27OgUWZHwuS2JBAUZL4:nGxV8It/JiY2sWpJV8

Score
7/10
bootkitpersistenceupx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4a10201bc2159ff5c13ab4410724243c65f8eeccab73ec24752d40e047962e5.exe
    "C:\Users\Admin\AppData\Local\Temp\f4a10201bc2159ff5c13ab4410724243c65f8eeccab73ec24752d40e047962e5.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://changkongbao.lanzouq.com/ikW9T1cfeg5e
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3076
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff19cb46f8,0x7fff19cb4708,0x7fff19cb4718
        3⤵
          PID:3420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
          3⤵
            PID:1896
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2232
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
            3⤵
              PID:4892
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              3⤵
                PID:1824
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
                3⤵
                  PID:4652
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
                  3⤵
                    PID:1040
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2704
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                    3⤵
                      PID:396
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
                      3⤵
                        PID:2388
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                        3⤵
                          PID:1976
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                          3⤵
                            PID:2092
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                            3⤵
                              PID:4168
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
                              3⤵
                                PID:4032
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12356108515234928728,8064921191620562263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
                                3⤵
                                  PID:2280
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3300
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3400

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  b2a1398f937474c51a48b347387ee36a

                                  SHA1

                                  922a8567f09e68a04233e84e5919043034635949

                                  SHA256

                                  2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

                                  SHA512

                                  4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  1ac52e2503cc26baee4322f02f5b8d9c

                                  SHA1

                                  38e0cee911f5f2a24888a64780ffdf6fa72207c8

                                  SHA256

                                  f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

                                  SHA512

                                  7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  203861b848744ca563e09506ea7a024e

                                  SHA1

                                  c4a8307e334e3692653125e7f97214b6d69e9e46

                                  SHA256

                                  0fd9b804461089cbd18d7f4b3b1d18883b9a6a6eb20e6cf4e089c20938fc83ce

                                  SHA512

                                  975902037964ab348e9572679cf0051da799ae20fca2cdae1ab6f286690d5efa687491bd4561628e2918cecf6eb0597a0d9fcbccb7f567d9bfa488725f104962

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  23f3942348cad92a9a33175106d27c7a

                                  SHA1

                                  e802260569029871b33b5c1f5c49b7f7c751e0d3

                                  SHA256

                                  6894aa5bc3b50fefd654a591292cf17acf639cf0db058e59f1a3762f0fe0d3e0

                                  SHA512

                                  45508015bd8069f1eb5d399901015b9840744df54d9667e798d406b8166138f971460cc0a9bd5d8cc300eb3322f67b778a00b3876cce18fc13f0b554f28da3a4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  0047dc5b7dc317578d2974e67068d3f8

                                  SHA1

                                  52d9ebda03a22f044647d3eca57bf95c17de2f20

                                  SHA256

                                  95a7df27731904c4bf6eb1de17d4b8c6ad24d3e2f2a335d41c0cab38b11c7f0f

                                  SHA512

                                  5c9495a72097109e7cb6c840e8a050015cd4de42a475cd48ff51497801eab1d08f2a56d81193a5551cb36326f657dbf1f77a3679d616a913ea38160c73208fc7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\ExuiKrnln_Win32_20230421.lib
                                  Filesize

                                  1.5MB

                                  MD5

                                  ef48d7cc52338513cc0ce843c5e3916b

                                  SHA1

                                  20965d86b7b358edf8b5d819302fa7e0e6159c18

                                  SHA256

                                  835bfef980ad0cedf10d8ade0cf5671d9f56062f2b22d0a0547b07772ceb25a8

                                  SHA512

                                  fd4602bd487eaad5febb5b3e9d8fe75f4190d1e44e538e7ae2d2129087f35b72b254c85d7335a81854aa2bdb4f0f2fa22e02a892ee23ac57b78cdd03a79259b9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\·½°¸.ini
                                  MD5

                                  d41d8cd98f00b204e9800998ecf8427e

                                  SHA1

                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                  SHA256

                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                  SHA512

                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\·½°¸.ini
                                  Filesize

                                  8KB

                                  MD5

                                  1d67dafae0fcabbdc7ffaa3095ca3b61

                                  SHA1

                                  6ea71d27c8bf64ff601585c961a65c1adc9d7775

                                  SHA256

                                  51037184b477771ebe0558bed508315e05de95cb170a40a975d2326e97bfe88e

                                  SHA512

                                  b1ebb5d6d68fd2c5372114494dca30eff6107e263313b8889c4ef9b3f2311d3fc0b557bbcefa6911547727eac0b345df904993561c5a6feb87426158a4684d71

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\¿ì½Ý·¢ÑÔ·½°¸.txt
                                  Filesize

                                  204B

                                  MD5

                                  1f176fd422d932b3f73c59cd0e8a4d0b

                                  SHA1

                                  e944c5a2805bb8809ddef9402304a12e6d3a3751

                                  SHA256

                                  f96f94e2c2d39b65dd9ca21a66abf75ed7b4c2d03bc703c5afc71fa1ea12669e

                                  SHA512

                                  7b0b29b2e9f0e6730541d206fde7cd2a5318a227f67b25c56b3005acd30201d11cbec7ddcdd9ad2149981ae681adffa2b161e2588375447b4add74eaea7db225

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\ÉèÖÃ.ini
                                  Filesize

                                  225B

                                  MD5

                                  0e66900340fc19323c256461904893d9

                                  SHA1

                                  daf382f14a93f5cc7a839f0d2914a7fe699cbbee

                                  SHA256

                                  3c0466e79066d63e524f4b8f5423409a9fcfa769334cde7b1628d5f86265be10

                                  SHA512

                                  2c446d717530e6e73c59f965b034ca9cd92409d5eeb2f60c9d001ef0f905e09864ab0448b929deea46a25bdab707ae61d45ab78c23cb37a6dc6c0eb85300b2b8

                                  Download Submit

                                • memory/4824-12-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-1-0x0000000000400000-0x0000000000A5D000-memory.dmp

                                  Filesize

                                  6.4MB

                                  Download

                                • memory/4824-2-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-39-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-35-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-34-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-33-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-30-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-24-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-19-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-13-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-0-0x0000000002980000-0x000000000298B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/4824-10-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-8-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-6-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-4-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-3-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-51-0x0000000002980000-0x000000000298B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/4824-55-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4824-57-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4824-58-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4824-15-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-106-0x0000000005F10000-0x0000000005F11000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4824-105-0x0000000005F20000-0x0000000005F21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4824-17-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-25-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-27-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-41-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-43-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-48-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-52-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4824-50-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-49-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/4824-45-0x0000000010000000-0x000000001003E000-memory.dmp

                                  Filesize

                                  248KB

                                  Download