Overview

overview

10

Static

static

10

Venom-Rat-...0.html

windows7-x64

1

Venom-Rat-...0.html

windows10-2004-x64

1

Venom-Rat-...0.html

windows7-x64

1

Venom-Rat-...0.html

windows10-2004-x64

1

Venom-Rat-...il.dll

windows7-x64

1

Venom-Rat-...il.dll

windows10-2004-x64

1

Venom-Rat-...at.dll

windows7-x64

1

Venom-Rat-...at.dll

windows10-2004-x64

1

Venom-Rat-...me.dll

windows7-x64

1

Venom-Rat-...me.dll

windows10-2004-x64

1

Venom-Rat-...ed.exe

windows7-x64

8

Venom-Rat-...ed.exe

windows10-2004-x64

8

Majid Z Hacker.exe

windows7-x64

8

Majid Z Hacker.exe

windows10-2004-x64

8

Majid Z Hacker.exe

windows7-x64

10

Majid Z Hacker.exe

windows10-2004-x64

10

Windows Program.exe

windows7-x64

7

Windows Program.exe

windows10-2004-x64

7

script.vbs

windows7-x64

10

script.vbs

windows10-2004-x64

10

windows registry.exe

windows7-x64

10

windows registry.exe

windows10-2004-x64

10

firewall.exe

windows7-x64

8

firewall.exe

windows10-2004-x64

Venom Cracked.exe

windows7-x64

1

Venom Cracked.exe

windows10-2004-x64

1

Venom-Rat-...er.exe

windows7-x64

1

Venom-Rat-...er.exe

windows10-2004-x64

1

Venom-Rat-...ed.exe

windows7-x64

10

Venom-Rat-...ed.exe

windows10-2004-x64

10

Majid Z Ha...te.exe

windows7-x64

10

Majid Z Ha...te.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Majid Z Hacker.exe

  • Size

    413KB

  • MD5

    d546dc22ad3450598ab32de298a72a80

  • SHA1

    6c0b509488bdb86a679a4499e6ebf276ac9d8ea1

  • SHA256

    b29885d1b7a7710d0bb85861609520cc7bd53524ab5525cd9b9c47690f0103a2

  • SHA512

    79e5bca20e23b0cff3d7d98003ae6d69d8932a75eeff23f31ec4c0aae93a02d41593c60d3a6fcb8a06600e21bfa7190210e4842bcba3ba8e9a7d62f344b48980

  • SSDEEP

    12288:6+81qE0efXk6XLUwx7YfR43JDOpedYhN7zf+:6o5yU6XIGYqJDOpJPzf+

Score
10/10
njratevasionpersistencetrojanupx

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs
    evasiontrojan
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 14 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of WriteProcessMemory 51 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe
    "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.vbs"
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\SysWOW64\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.vbs" /elevate
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Checks computer location settings
        • Suspicious use of WriteProcessMemory
        PID:4384
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableRealtimeMonitoring $true
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3564
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBehaviorMonitoring $true
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4732
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4228
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableIOAVProtection $true
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3100
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1664
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2752
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2968
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4680
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 6
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2528
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1760
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 6
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2804
    • C:\Users\Admin\AppData\Local\Temp\windows registry.exe
      "C:\Users\Admin\AppData\Local\Temp\windows registry.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4256
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\windows registry.exe" "windows registry.exe" ENABLE
        3⤵
        • Modifies Windows Firewall
        PID:5704
    • C:\Users\Admin\AppData\Local\Temp\Windows Program.exe
      "C:\Users\Admin\AppData\Local\Temp\Windows Program.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Windows\SysWOW64\WSCript.exe
        WSCript C:\Users\Admin\AppData\Local\Temp\DNLEWE.vbs
        3⤵
          PID:1444
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4428,i,5047420736443372512,9747851268033796534,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:8
      1⤵
        PID:4816

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Initial Access

      Execution

      Persistence

      Create or Modify System Process

      2
      T1543

      Windows Service

      2
      T1543.003

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Privilege Escalation

      Create or Modify System Process

      2
      T1543

      Windows Service

      2
      T1543.003

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Defense Evasion

      Modify Registry

      2
      T1112

      Impair Defenses

      2
      T1562

      Disable or Modify Tools

      1
      T1562.001

      Disable or Modify System Firewall

      1
      T1562.004

      Credential Access

      Discovery

      Query Registry

      1
      T1012

      System Information Discovery

      2
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Resource Development

      Reconnaissance

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
        Filesize

        2KB

        MD5

        3d086a433708053f9bf9523e1d87a4e8

        SHA1

        b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28

        SHA256

        6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69

        SHA512

        931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        18KB

        MD5

        ce221cd35edbe5f5d1db41f2d4bcf327

        SHA1

        954f33756b950f367615102c945e6e0a720ee839

        SHA256

        a948e910770a7d4ad6f02b0b7c5c2545388ed122dc02672662ac3627f1a52488

        SHA512

        9a2dc78d3098b7dd19fe07822736bc201877bec03bbdd214aac3cac41a4ff091f8c2576cf0021cea6bbe0a40ac2a0e95adb9ec0fc299ff3ad64801c1a8b41d93

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        18KB

        MD5

        b17b16513c34f224212c0eae920629da

        SHA1

        327bf5363b000d64e976302b6462ac63edcbc2f7

        SHA256

        c3193bbcf57ed3e1d6db1502f6b53735ed846f0a5171abede45462132cb3da9c

        SHA512

        c8507d0c628776059a411bf822192a26f9b2d0d53827b518503ff2d9618bdfb48b1275013edbbe853e47b5d32d0356a5c670857c41af5abed905f24f1a22c75d

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        18KB

        MD5

        5d0f74edf0581a5bf63061c8e5026952

        SHA1

        6dbe619d6f098bfdf84a041cc556a4b7b3bc66c7

        SHA256

        12614810d501bf836392a0d6357ff7a69daea59df6ff4c11b9fb4a6e37787987

        SHA512

        50a073a9a33523505370e610ec2571ce76ab7d01462b06888e0edeb23db8382f29ca9026ddb61d01c01fe8ad64fcee225c9269f6fd3fbc441b80ee504701efcd

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        18KB

        MD5

        bab4ec488ff7c6b226542a903be028e9

        SHA1

        bf0fb2a23820c68a586e95e1f9985bbe8d10a4f3

        SHA256

        c4d0adfa97bede5d005544f92aaccce9c4ae102fae15dba0a1e038542e0b886a

        SHA512

        ad827848752bbf26490317b08801a2092a100938bd99071c7130e0786abf11306d3e5d404e49aee288dd493ae6a9be537e103737e69fdfd0869bd5fc9f86da50

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        18KB

        MD5

        ba109f5d0bc2559abb83c96c7ed1b64d

        SHA1

        be025fcfd76b6e334e7dad594a4139d8c0faea05

        SHA256

        16826b1e5df4f0e3e6f2e89f35563c57eb84d9af7962661a378288ae703b4b22

        SHA512

        c4f44a3f859cb6d9d003fee307259518a82860c77c6b0596077b4cabc9488070d233e046b27be481366470d6fffdd8d65842615a136007796921dfcbb34bb23f

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\DNLEWE.vbs
        Filesize

        850B

        MD5

        59ccb6ffd3155d4e1e16509c1d2b424b

        SHA1

        c4b3aaa2e1f972aa6f1ae4a1543452d93bf1491c

        SHA256

        ba844c991f9fc79f240573cf20e975ac60ae70adc4f45298059e53474df49d1c

        SHA512

        8b1f99c486b756305dc3480182e2b6a37454e156050da9a3e2ff21ce131e7a34a3ebe740f7f07ed17e79e79a5ddf4213e509d009391d69c317b643b5f183b053

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Windows Program.exe
        Filesize

        356KB

        MD5

        470c1aaa600dfd81af4cfb23bee7490c

        SHA1

        17cc0969b22f293b9bab656da3c9e4e4f6a3dbd0

        SHA256

        438c6c0291603bd92a66731abcf32e478dc19093c1c0f3c75ee5117192913809

        SHA512

        9a9927ce72abab495474fcc153dc65fcbe15f46cd08e03e892f05b1ad2025d80301b40cf922fee9bbfb4cc2aeffe867a772bc381c1694289e13cf1fde591fbee

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_thvdctmy.uo4.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\script.vbs
        Filesize

        1KB

        MD5

        77a4da4863ffcaba51ce05d3c632158d

        SHA1

        253f9a594a6ca3a7a23acb90f8dc81939215ba4b

        SHA256

        ecd586281fc4655e40108fcf118beeae3411c1c1176951a763e47fb66d2e421f

        SHA512

        ba215fa65a011f5841f5e92b4053895c13368e894817551a982ca3e821726b8bbb13616bca8781fed08f4c83528d0d3ac233fa1f3e14ad4253fdefd9a22253cf

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\windows registry.exe
        Filesize

        23KB

        MD5

        0e61e56cab42baa9ac421252c13809ed

        SHA1

        f058e2efd1181d5285eef36fa2bae9658ccc20f9

        SHA256

        6f788d9f8b51ba8321f1837e02d10c5d94efc74c7be26f734c34a4d602b8d1bc

        SHA512

        e5cd90240468d86f5230d1c9f7c355c32cdbf3b5a0c041914d009c8145d260f469f75cf28e2b307964c64b6c6255a6fc6e258b5bb6525b50824365227c38e624

        Download Submit
      • memory/1664-189-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/1664-264-0x0000000007750000-0x0000000007761000-memory.dmp
        Filesize

        68KB

        Download
      • memory/1664-262-0x00000000075C0000-0x00000000075CA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/1760-252-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/2528-219-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/2608-251-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-302-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-307-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-306-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-305-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-304-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-303-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-22-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-301-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-300-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-293-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-299-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-297-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-296-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2608-294-0x0000000000400000-0x00000000004CA000-memory.dmp
        Filesize

        808KB

        Download
      • memory/2752-209-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/2804-229-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/2968-235-0x0000000008100000-0x000000000877A000-memory.dmp
        Filesize

        6.5MB

        Download
      • memory/2968-179-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/3100-268-0x00000000074E0000-0x00000000074E8000-memory.dmp
        Filesize

        32KB

        Download
      • memory/3100-265-0x00000000073F0000-0x00000000073FE000-memory.dmp
        Filesize

        56KB

        Download
      • memory/3100-169-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/3100-266-0x0000000007400000-0x0000000007414000-memory.dmp
        Filesize

        80KB

        Download
      • memory/3100-267-0x0000000007500000-0x000000000751A000-memory.dmp
        Filesize

        104KB

        Download
      • memory/3564-34-0x0000000005100000-0x0000000005136000-memory.dmp
        Filesize

        216KB

        Download
      • memory/3564-144-0x00000000066C0000-0x00000000066DE000-memory.dmp
        Filesize

        120KB

        Download
      • memory/3564-199-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/3564-35-0x00000000058A0000-0x0000000005EC8000-memory.dmp
        Filesize

        6.2MB

        Download
      • memory/3564-263-0x0000000007C80000-0x0000000007D16000-memory.dmp
        Filesize

        600KB

        Download
      • memory/3564-145-0x0000000006780000-0x00000000067CC000-memory.dmp
        Filesize

        304KB

        Download
      • memory/4228-146-0x0000000006EA0000-0x0000000006ED2000-memory.dmp
        Filesize

        200KB

        Download
      • memory/4228-147-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/4228-158-0x0000000006EE0000-0x0000000006F83000-memory.dmp
        Filesize

        652KB

        Download
      • memory/4228-157-0x0000000006210000-0x000000000622E000-memory.dmp
        Filesize

        120KB

        Download
      • memory/4256-25-0x0000000073880000-0x0000000073E31000-memory.dmp
        Filesize

        5.7MB

        Download
      • memory/4256-295-0x0000000073880000-0x0000000073E31000-memory.dmp
        Filesize

        5.7MB

        Download
      • memory/4256-24-0x0000000073882000-0x0000000073883000-memory.dmp
        Filesize

        4KB

        Download
      • memory/4256-27-0x0000000073880000-0x0000000073E31000-memory.dmp
        Filesize

        5.7MB

        Download
      • memory/4680-241-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/4732-236-0x0000000007520000-0x000000000753A000-memory.dmp
        Filesize

        104KB

        Download
      • memory/4732-49-0x0000000005B40000-0x0000000005E94000-memory.dmp
        Filesize

        3.3MB

        Download
      • memory/4732-159-0x000000006DFE0000-0x000000006E02C000-memory.dmp
        Filesize

        304KB

        Download
      • memory/4732-43-0x0000000005AD0000-0x0000000005B36000-memory.dmp
        Filesize

        408KB

        Download
      • memory/4732-41-0x0000000005330000-0x0000000005352000-memory.dmp
        Filesize

        136KB

        Download
      • memory/4732-42-0x0000000005A60000-0x0000000005AC6000-memory.dmp
        Filesize

        408KB

        Download