Resubmissions

30-05-2024 17:47

240530-wcxz1sgf22 10

30-05-2024 16:25

240530-twz8dadh81 10

Analysis

  • max time kernel
    1043s
  • max time network
    971s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    30-05-2024 17:47

General

  • Target

    d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe

  • Size

    1.8MB

  • MD5

    7ed56e09edb6badc89bf9c17c5ffeb75

  • SHA1

    d4b80e6c219a63aaaf7f9d3dc3e216944cc2b7c7

  • SHA256

    d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2

  • SHA512

    6f3a3c3555a05ad68479134ddeba61dff98767c0a9598501112fed553e84a0c4a1db66d709da64f5ca52af59acaf390949d94ebf9b136a97a941770db6e7e7c2

  • SSDEEP

    49152:0rGPIoQ0PRkiMh85QpeAS4jo5yc7H0PsggZncxCehr5:0rjoaPh8ipeAS4jo/7H0PsRkR5

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

49e482

C2

http://147.45.47.70

Attributes
  • install_dir

    1b29d73536

  • install_file

    axplont.exe

  • strings_key

    4d31dd1a190d9879c21fac6d87dc0043

  • url_paths

    /tr8nomy/index.php

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 19 IoCs
  • Checks BIOS information in registry 2 TTPs 38 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 18 IoCs
  • Identifies Wine through registry keys 2 TTPs 19 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 19 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe
    "C:\Users\Admin\AppData\Local\Temp\d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:828
    • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
      "C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:3120
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4440
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3484
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1096
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2260
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3548
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3916
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2112
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:240
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:5064
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1412
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4344
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:5024
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:5060
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3376
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:940
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2588
  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4584

Network

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497): 2

Discovery

  • Query Registry (T1012): 3
  • Virtualization/Sandbox Evasion (T1497): 2
  • System Information Discovery (T1082): 2

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe
    Filesize

    1.8MB

    MD5

    7ed56e09edb6badc89bf9c17c5ffeb75

    SHA1

    d4b80e6c219a63aaaf7f9d3dc3e216944cc2b7c7

    SHA256

    d1f7cc65d685c009d8b679aa59907745f83985187d9b7d8e7153d8df15f516a2

    SHA512

    6f3a3c3555a05ad68479134ddeba61dff98767c0a9598501112fed553e84a0c4a1db66d709da64f5ca52af59acaf390949d94ebf9b136a97a941770db6e7e7c2
